[isapros] Re: ISA Server 2004 may stop responding when IP addresses from multiple subnets are bound to the same adaptor
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: <isapros@xxxxxxxxxxxxx>
- Date: Thu, 20 Jul 2006 13:03:10 -0500
Pssffft!
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Thursday, July 20, 2006 1:00 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA Server 2004 may stop responding
> when IP addresses from multiple subnets are bound to the same adaptor
>
> What; I think "..assign IPs from remote subnets wasn't
> qualified.." is a very safe assumption.
> :-p
>
> -------------------------------------------------------
> Jim Harrison
> MCP(NT4, W2K), A+, Network+, PCG
> http://isaserver.org/Jim_Harrison/
> http://isatools.org
> Read the help / books / articles!
> -------------------------------------------------------
>
>
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> Sent: Thursday, July 20, 2006 10:50
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA Server 2004 may stop responding
> when IP addresses from multiple subnets are bound to the same adaptor
>
> They should know by now that this isn't a good assumption. ;)
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
>
>
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx
> > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > Sent: Thursday, July 20, 2006 12:35 PM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: ISA Server 2004 may stop responding when IP
> > addresses from multiple subnets are bound to the same adaptor
> >
> > I don't see where you get that.
> > The statement is "configure an adaptor that has two IP
> addresses from
> > two different subnets".
> > It says nothing about them being remote subnets.
> > I think they assumed that anyone silly enough to assign IPs from
> > remote subnets wasn't qualified to build out a server in the first
> > place...
> >
> > -------------------------------------------------------
> > Jim Harrison
> > MCP(NT4, W2K), A+, Network+, PCG
> > http://isaserver.org/Jim_Harrison/
> > http://isatools.org
> > Read the help / books / articles!
> > -------------------------------------------------------
> >
> >
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx
> > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> > Sent: Thursday, July 20, 2006 10:24
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: ISA Server 2004 may stop responding when IP
> > addresses from multiple subnets are bound to the same adaptor
> >
> > The KB implies that these are network IDs that are
> different from the
> > local interface's network ID. That's the problem with the KB.
> >
> > For example, scenario 1:
> >
> > NetID 1: 10.0.1.0/24
> > NetID 2: 10.0.2.0/24
> >
> > ISA interface on Network ID:
> > NetID 3: 10.0.3.0/16
> >
> > In this scenario, the remote networks are on the same network ID as
> > the local ISA firewall's interface. Of course, the remote
> networks see
> > the ISA firewall's local interface as being on a different
> network ID,
> > so a router must be interposed.
> >
> > For example, scenario 2:
> >
> > NetID 1: 172.16.1.0/24
> > NetID 2: 192.168.1.0/24
> >
> > ISA interface on network ID:
> > NetID 3: 10.0.3.0/24
> >
> > In this scenario, would you consider it valid to bind IP address
> > 192.168.1.1 to the ISA firewall interface on network ID 10.0.3.0?
> >
> > Scenario 2 is what the KB article implies.
> >
> > That's why they need to think about giving hard core
> examples in these
> > articles, otherwise they just contributed to the FUD.
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://blogs.isaserver.org/shinder/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> >
> >
> >
> > > -----Original Message-----
> > > From: isapros-bounce@xxxxxxxxxxxxx
> > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > > Sent: Thursday, July 20, 2006 11:35 AM
> > > To: isapros@xxxxxxxxxxxxx
> > > Subject: [isapros] Re: ISA Server 2004 may stop
> responding when IP
> > > addresses from multiple subnets are bound to the same adaptor
> > >
> > > ??
> > > Of course you can.
> > > So long as all those NetIds are segment-local, you can have
> > as many as
> > > you want.
> > >
> > > -------------------------------------------------------
> > > Jim Harrison
> > > MCP(NT4, W2K), A+, Network+, PCG
> > > http://isaserver.org/Jim_Harrison/
> > > http://isatools.org
> > > Read the help / books / articles!
> > > -------------------------------------------------------
> > >
> > >
> > > -----Original Message-----
> > > From: isapros-bounce@xxxxxxxxxxxxx
> > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas
> W Shinder
> > > Sent: Thursday, July 20, 2006 09:28
> > > To: isapros@xxxxxxxxxxxxx
> > > Subject: [isapros] ISA Server 2004 may stop responding when IP
> > > addresses from multiple subnets are bound to the same adaptor
> > >
> > > And what's up with this? This isn't even a supported
> > scenario? When do
> > > you bind IP addresses from different network IDs to the same
> > > interface?
> > >
> > > ISA Server 2004 may stop responding when IP addresses
> from multiple
> > > subnets are bound to the same adaptor:
> > > http://support.microsoft.com/kb/898553/en-us
> > >
> > >
> > > All mail to and from this domain is GFI-scanned.
> > >
> > >
> > >
> > >
> >
> >
> > All mail to and from this domain is GFI-scanned.
> >
> >
> >
> >
>
>
> All mail to and from this domain is GFI-scanned.
>
>
>
>
Other related posts:
