They should know by now that this isn't a good assumption. ;) Thomas W Shinder, M.D. Site: www.isaserver.org Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > Sent: Thursday, July 20, 2006 12:35 PM > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: ISA Server 2004 may stop responding > when IP addresses from multiple subnets are bound to the same adaptor > > I don't see where you get that. > The statement is "configure an adaptor that has two IP > addresses from two different subnets". > It says nothing about them being remote subnets. > I think they assumed that anyone silly enough to assign IPs > from remote subnets wasn't qualified to build out a server in > the first place... > > ------------------------------------------------------- > Jim Harrison > MCP(NT4, W2K), A+, Network+, PCG > http://isaserver.org/Jim_Harrison/ > http://isatools.org > Read the help / books / articles! > ------------------------------------------------------- > > > -----Original Message----- > From: isapros-bounce@xxxxxxxxxxxxx > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder > Sent: Thursday, July 20, 2006 10:24 > To: isapros@xxxxxxxxxxxxx > Subject: [isapros] Re: ISA Server 2004 may stop responding > when IP addresses from multiple subnets are bound to the same adaptor > > The KB implies that these are network IDs that are different > from the local interface's network ID. That's the problem with the KB. > > For example, scenario 1: > > NetID 1: 10.0.1.0/24 > NetID 2: 10.0.2.0/24 > > ISA interface on Network ID: > NetID 3: 10.0.3.0/16 > > In this scenario, the remote networks are on the same network > ID as the local ISA firewall's interface. Of course, the > remote networks see the ISA firewall's local interface as > being on a different network ID, so a router must be interposed. > > For example, scenario 2: > > NetID 1: 172.16.1.0/24 > NetID 2: 192.168.1.0/24 > > ISA interface on network ID: > NetID 3: 10.0.3.0/24 > > In this scenario, would you consider it valid to bind IP address > 192.168.1.1 to the ISA firewall interface on network ID 10.0.3.0? > > Scenario 2 is what the KB article implies. > > That's why they need to think about giving hard core examples > in these articles, otherwise they just contributed to the FUD. > > Thomas W Shinder, M.D. > Site: www.isaserver.org > Blog: http://blogs.isaserver.org/shinder/ > Book: http://tinyurl.com/3xqb7 > MVP -- ISA Firewalls > > > > > -----Original Message----- > > From: isapros-bounce@xxxxxxxxxxxxx > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison > > Sent: Thursday, July 20, 2006 11:35 AM > > To: isapros@xxxxxxxxxxxxx > > Subject: [isapros] Re: ISA Server 2004 may stop responding when IP > > addresses from multiple subnets are bound to the same adaptor > > > > ?? > > Of course you can. > > So long as all those NetIds are segment-local, you can have > as many as > > you want. > > > > ------------------------------------------------------- > > Jim Harrison > > MCP(NT4, W2K), A+, Network+, PCG > > http://isaserver.org/Jim_Harrison/ > > http://isatools.org > > Read the help / books / articles! > > ------------------------------------------------------- > > > > > > -----Original Message----- > > From: isapros-bounce@xxxxxxxxxxxxx > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder > > Sent: Thursday, July 20, 2006 09:28 > > To: isapros@xxxxxxxxxxxxx > > Subject: [isapros] ISA Server 2004 may stop responding when IP > > addresses from multiple subnets are bound to the same adaptor > > > > And what's up with this? This isn't even a supported > scenario? When do > > you bind IP addresses from different network IDs to the same > > interface? > > > > ISA Server 2004 may stop responding when IP addresses from multiple > > subnets are bound to the same adaptor: > > http://support.microsoft.com/kb/898553/en-us > > > > > > All mail to and from this domain is GFI-scanned. > > > > > > > > > > > All mail to and from this domain is GFI-scanned. > > > >