[isapros] Re: ISA Server 2004 may stop responding when IP addresses from multiple subnets are bound to the same adaptor
- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
- To: <isapros@xxxxxxxxxxxxx>
- Date: Thu, 20 Jul 2006 10:34:46 -0700
I don't see where you get that.
The statement is "configure an adaptor that has two IP addresses from two
different subnets".
It says nothing about them being remote subnets.
I think they assumed that anyone silly enough to assign IPs from remote subnets
wasn't qualified to build out a server in the first place...
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: isapros-bounce@xxxxxxxxxxxxx [mailto:isapros-bounce@xxxxxxxxxxxxx] On
Behalf Of Thomas W Shinder
Sent: Thursday, July 20, 2006 10:24
To: isapros@xxxxxxxxxxxxx
Subject: [isapros] Re: ISA Server 2004 may stop responding when IP addresses
from multiple subnets are bound to the same adaptor
The KB implies that these are network IDs that are different from the local
interface's network ID. That's the problem with the KB.
For example, scenario 1:
NetID 1: 10.0.1.0/24
NetID 2: 10.0.2.0/24
ISA interface on Network ID:
NetID 3: 10.0.3.0/16
In this scenario, the remote networks are on the same network ID as the local
ISA firewall's interface. Of course, the remote networks see the ISA firewall's
local interface as being on a different network ID, so a router must be
interposed.
For example, scenario 2:
NetID 1: 172.16.1.0/24
NetID 2: 192.168.1.0/24
ISA interface on network ID:
NetID 3: 10.0.3.0/24
In this scenario, would you consider it valid to bind IP address
192.168.1.1 to the ISA firewall interface on network ID 10.0.3.0?
Scenario 2 is what the KB article implies.
That's why they need to think about giving hard core examples in these
articles, otherwise they just contributed to the FUD.
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Thursday, July 20, 2006 11:35 AM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA Server 2004 may stop responding when IP
> addresses from multiple subnets are bound to the same adaptor
>
> ??
> Of course you can.
> So long as all those NetIds are segment-local, you can have as many as
> you want.
>
> -------------------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> -------------------------------------------------------
>
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> Sent: Thursday, July 20, 2006 09:28
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] ISA Server 2004 may stop responding when IP
> addresses from multiple subnets are bound to the same adaptor
>
> And what's up with this? This isn't even a supported scenario? When do
> you bind IP addresses from different network IDs to the same
> interface?
>
> ISA Server 2004 may stop responding when IP addresses from multiple
> subnets are bound to the same adaptor:
> http://support.microsoft.com/kb/898553/en-us
>
>
> All mail to and from this domain is GFI-scanned.
>
>
>
>
All mail to and from this domain is GFI-scanned.
Other related posts:
