Will this break the Firewall Service?

  • From: "William Robertson" <robertson.william@xxxxxxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Tue, 25 Mar 2003 01:38:59 -0700

Hi there

Instead of posing my problem scenario, let me just ask the following: (All
IP Addresses have been changed to protect the innocent)

If I have an internal network using a Public Address range
123.123.x.x

and I have my ISA Server accepting VPN connections on the ISA's external
Interface
200.123.200.123

and I tell RRAS to assign IP Addresses to VPN Clients from a Pool of
addresses set up within RRAS
123.123.123.1 - 123.123.123.255

Will this cause a problem on my ISA Firewall? As I have it, my ISA should
get confused about where to send VPN traffic and then where to send normal
Internal LAN traffic? But that is not the problem, my VPN connections work
like a charm.

The problem is that when I connect via VPN I get many ISA Alerts such as:
- ISA Server detected a change in the IP routing table of the computer.
- ISA Server detected a change in the IP addresses of the computer.
- ISA Server detected that network interface card (NIC) WAN (PPP/SLIP)
Interface, with IP address 123.123.123.1, was disabled.
- Microsoft Firewall failed. The failure occurred during Initialization of
reverse Network Address Translation (NAT). (This message appears for each
Server Publishing rule that I have)

And when this happens, all of my other outbound Firewall Connections fail.
E.g. All Server Publishing, SMTP Mail, Outbound SAP links. All Web Proxy
connections work like a charm, it just appears that the Firewall Service
has got a bit stuck.

To resolve this I need to restart ALL ISA Services, not just the Firewall
Service.

Can someone perhaps conclude whether the IP Addressing that I am using
could be the major cause of my problems? The thing is I can only test
again after hours so I am just trying to get my bag of tricks filled with
some ideas from you guys before I tackle the problem later.

Cheers
William R.

