[isalist] Re: Event id error messages 14147
- From: "Gerald G. Young" <g.young@xxxxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Mon, 16 Jul 2007 14:32:58 -0400
James,
The 192.168.100.0 – 192.168.100.255 was the proper way of defining that range
(assuming 24-bit mask).
Can you share an “ipconfig /all” and a “route print”?
ISA is complaining about 192.168.0.0 and 192.168.0.255 on your Windows
“Internal” network connection. Your routing table (route print) includes
routing entries for those two IP addresses.
Jim is right, though. For a fuller review of your system to better determine
what is the underlying cause, information gathered using ISAInfo would be very
helpful.
Also, see
http://www.microsoft.com/downloads/details.aspx?FamilyId=D22EC2B9-4CD3-4 for
the latest ISA Best Practices Analyzer (ISAInfo included) which has a nice
feature that will create a Visio diagram of your network as the ISA Server sees
it – helps to visualize potential issues with routing, etc.
Cordially yours,
Jerry G. Young II
Application Engineer
Platform Engineering and Architecture
NTT America, an NTT Communications Company
22451 Shaw Rd.
Sterling, VA 20166
Office: 571-434-1319
Fax: 703-333-6749
Email: g.young@xxxxxxxx <mailto:g.young@xxxxxxxx>
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of James May
Sent: Monday, July 16, 2007 2:15 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Event id error messages 14147
Jerry,
Actually I just check my internal address range was defined 192.168.100.0 –
192.168.100.255 and the same address range was defined for the subnets. I
changed them to 192.168.100.1 – 192.168.100.254
Jim May
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of James May
Sent: Monday, July 16, 2007 10:48 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Event id error messages 14147
Jerry,
Yes
I have defined the internal network adaptor for the subnet the isa server
resides 192.168.100.0 – 192.168.100.254
I have 3 Dial up vpn connections 1 for each remote site and internal defined
under networks. In the ISA mmc console
I have no gateway defined for the internal network card only and external
gateway is defined on the wan nic
I have the subnet mask defined on the internal nic 255.255.255.0
I’m using this ISA server for the following internet access for the location
WSUS and vpn site to site connections. Each locations has its own isa server
for the edge firewall protecting the internal network.
If I try to define the subnets as part of the internal network I will get and
error message stating a networks cannot overlap.
Should I change the subnet mask to class B on the internal nic__________
255.255.0.0 and then reboot the computer and try redefining the internal
network which will include the subnets?
Thanks,
Jim May
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Gerald G. Young
Sent: Monday, July 16, 2007 9:01 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Event id error messages 14147
ISA is basically saying that 192.168.0.0 and 192.168.0.255 are considered
routable (traffic sent to them goes to a gateway) but they are not defined in
your Internal network element. Did you set a range up as 192.168.0.1 –
192.168.0.254 in that network element?
What are the settings for your internal NIC (IP address, subnet mask, gateway)?
What ranges have you specified in your Internal network element?
How many interfaces do you have on your ISA server? I think you need at least
5 (1 for each site to site tunnel + 1 for your internal network).
What are you using the ISA server for? Just site to site VPN?
Cordially yours,
Jerry G. Young II
Application Engineer
Platform Engineering and Architecture
NTT America, an NTT Communications Company
22451 Shaw Rd.
Sterling, VA 20166
Office: 571-434-1319
Fax: 703-333-6749
Email: g.young@xxxxxxxx <mailto:g.young@xxxxxxxx>
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of James May
Sent: Monday, July 16, 2007 10:48 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Event id error messages 14147
Hello,
I keep getting 14147 ISA Server detected routes through adapter "Internal" that
do not correlate with the network element to which this adapter belongs. The
address ranges in conflict are: 192.168.0.0-192.168.0.0;
192.168.0.255-192.168.0.255. Fix the network element and/or the routing table
to make these ranges consistent; they should be in both or in neither. If you
recently created a remote site network, check if the event recurs. If it does
not, you may safely ignore this message.
I have 4 PPTP site to site tunnels setup and I just cannot seed to get rid of
this error message. I have followed the site to site procedure in the isa Tom’s
2004 Book and the network behind a network article published off isaserver.org.
Can anyone help? It seems that all the ip addresses the error messages are
referring to are the ones assigned to vpn clients or remote sites. Yes I have
created objects for the subnets and I’m using them for access rules in the
firewall policy.
Thanks,
Jim
Other related posts:
