[isapros] Re: ISA Server 2004 may stop responding when IP addresses from multiple subnets are bound to the same adaptor

• From: gmulholland@xxxxxxxxxxxx
• To: isapros@xxxxxxxxxxxxx
• Date: Fri, 21 Jul 2006 10:43:23 +1000 (EST)

wow you guys are really goin at it today!! guess i'll just put the kettle
on :)

> Pssffft!
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
>
>
>
>> -----Original Message-----
>> From: isapros-bounce@xxxxxxxxxxxxx
>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
>> Sent: Thursday, July 20, 2006 1:00 PM
>> To: isapros@xxxxxxxxxxxxx
>> Subject: [isapros] Re: ISA Server 2004 may stop responding
>> when IP addresses from multiple subnets are bound to the same adaptor
>>
>> What; I think "..assign IPs from remote subnets wasn't
>> qualified.." is a very safe assumption.
>> :-p
>>
>> -------------------------------------------------------
>>    Jim Harrison
>>    MCP(NT4, W2K), A+, Network+, PCG
>>    http://isaserver.org/Jim_Harrison/
>>    http://isatools.org
>>    Read the help / books / articles!
>> -------------------------------------------------------
>>
>>
>> -----Original Message-----
>> From: isapros-bounce@xxxxxxxxxxxxx
>> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
>> Sent: Thursday, July 20, 2006 10:50
>> To: isapros@xxxxxxxxxxxxx
>> Subject: [isapros] Re: ISA Server 2004 may stop responding
>> when IP addresses from multiple subnets are bound to the same adaptor
>>
>> They should know by now that this isn't a good assumption. ;)
>>
>> Thomas W Shinder, M.D.
>> Site: www.isaserver.org
>> Blog: http://blogs.isaserver.org/shinder/
>> Book: http://tinyurl.com/3xqb7
>> MVP -- ISA Firewalls
>>
>>
>>
>> > -----Original Message-----
>> > From: isapros-bounce@xxxxxxxxxxxxx
>> > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
>> > Sent: Thursday, July 20, 2006 12:35 PM
>> > To: isapros@xxxxxxxxxxxxx
>> > Subject: [isapros] Re: ISA Server 2004 may stop responding when IP
>> > addresses from multiple subnets are bound to the same adaptor
>> >
>> > I don't see where you get that.
>> > The statement is "configure an adaptor that has two IP
>> addresses from
>> > two different subnets".
>> > It says nothing about them being remote subnets.
>> > I think they assumed that anyone silly enough to assign IPs from
>> > remote subnets wasn't qualified to build out a server in the first
>> > place...
>> >
>> > -------------------------------------------------------
>> >    Jim Harrison
>> >    MCP(NT4, W2K), A+, Network+, PCG
>> >    http://isaserver.org/Jim_Harrison/
>> >    http://isatools.org
>> >    Read the help / books / articles!
>> > -------------------------------------------------------
>> >
>> >
>> > -----Original Message-----
>> > From: isapros-bounce@xxxxxxxxxxxxx
>> > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
>> > Sent: Thursday, July 20, 2006 10:24
>> > To: isapros@xxxxxxxxxxxxx
>> > Subject: [isapros] Re: ISA Server 2004 may stop responding when IP
>> > addresses from multiple subnets are bound to the same adaptor
>> >
>> > The KB implies that these are network IDs that are
>> different from the
>> > local interface's network ID. That's the problem with the KB.
>> >
>> > For example, scenario 1:
>> >
>> > NetID 1: 10.0.1.0/24
>> > NetID 2: 10.0.2.0/24
>> >
>> > ISA interface on Network ID:
>> > NetID 3: 10.0.3.0/16
>> >
>> > In this scenario, the remote networks are on the same network ID as
>> > the local ISA firewall's interface. Of course, the remote
>> networks see
>> > the ISA firewall's local interface as being on a different
>> network ID,
>> > so a router must be interposed.
>> >
>> > For example, scenario 2:
>> >
>> > NetID 1: 172.16.1.0/24
>> > NetID 2: 192.168.1.0/24
>> >
>> > ISA interface on network ID:
>> > NetID 3: 10.0.3.0/24
>> >
>> > In this scenario, would you consider it valid to bind IP address
>> > 192.168.1.1 to the ISA firewall interface on network ID 10.0.3.0?
>> >
>> > Scenario 2 is what the KB article implies.
>> >
>> > That's why they need to think about giving hard core
>> examples in these
>> > articles, otherwise they just contributed to the FUD.
>> >
>> > Thomas W Shinder, M.D.
>> > Site: www.isaserver.org
>> > Blog: http://blogs.isaserver.org/shinder/
>> > Book: http://tinyurl.com/3xqb7
>> > MVP -- ISA Firewalls
>> >
>> >
>> >
>> > > -----Original Message-----
>> > > From: isapros-bounce@xxxxxxxxxxxxx
>> > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
>> > > Sent: Thursday, July 20, 2006 11:35 AM
>> > > To: isapros@xxxxxxxxxxxxx
>> > > Subject: [isapros] Re: ISA Server 2004 may stop
>> responding when IP
>> > > addresses from multiple subnets are bound to the same adaptor
>> > >
>> > > ??
>> > > Of course you can.
>> > > So long as all those NetIds are segment-local, you can have
>> > as many as
>> > > you want.
>> > >
>> > > -------------------------------------------------------
>> > >    Jim Harrison
>> > >    MCP(NT4, W2K), A+, Network+, PCG
>> > >    http://isaserver.org/Jim_Harrison/
>> > >    http://isatools.org
>> > >    Read the help / books / articles!
>> > > -------------------------------------------------------
>> > >
>> > >
>> > > -----Original Message-----
>> > > From: isapros-bounce@xxxxxxxxxxxxx
>> > > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas
>> W Shinder
>> > > Sent: Thursday, July 20, 2006 09:28
>> > > To: isapros@xxxxxxxxxxxxx
>> > > Subject: [isapros] ISA Server 2004 may stop responding when IP
>> > > addresses from multiple subnets are bound to the same adaptor
>> > >
>> > > And what's up with this? This isn't even a supported
>> > scenario? When do
>> > > you bind IP addresses from different network IDs to the same
>> > > interface?
>> > >
>> > > ISA Server 2004 may stop responding when IP addresses
>> from multiple
>> > > subnets are bound to the same adaptor:
>> > > http://support.microsoft.com/kb/898553/en-us
>> > >
>> > >
>> > > All mail to and from this domain is GFI-scanned.
>> > >
>> > >
>> > >
>> > >
>> >
>> >
>> > All mail to and from this domain is GFI-scanned.
>> >
>> >
>> >
>> >
>>
>>
>> All mail to and from this domain is GFI-scanned.
>>
>>
>>
>>
>
>

• References:
  • [isapros] Re: ISA Server 2004 may stop responding when IP addresses from multiple subnets are bound to the same adaptor
    • From: Thomas W Shinder

Other related posts:

• » [isapros] ISA Server 2004 may stop responding when IP addresses from multiple subnets are bound to the same adaptor
• » [isapros] Re: ISA Server 2004 may stop responding when IP addresses from multiple subnets are bound to the same adaptor
• » [isapros] Re: ISA Server 2004 may stop responding when IP addresses from multiple subnets are bound to the same adaptor
• » [isapros] Re: ISA Server 2004 may stop responding when IP addresses from multiple subnets are bound to the same adaptor
• » [isapros] Re: ISA Server 2004 may stop responding when IP addresses from multiple subnets are bound to the same adaptor
• » [isapros] Re: ISA Server 2004 may stop responding when IP addresses from multiple subnets are bound to the same adaptor
• » [isapros] Re: ISA Server 2004 may stop responding when IP addresses from multiple subnets are bound to the same adaptor
• » [isapros] Re: ISA Server 2004 may stop responding when IP addresses from multiple subnets are bound to the same adaptor

1. Home
2. isapros
3. Archive
4. 07-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---