James, The 192.168.100.0 – 192.168.100.255 was the proper way of defining that range (assuming 24-bit mask). Can you share an “ipconfig /all” and a “route print”? ISA is complaining about 192.168.0.0 and 192.168.0.255 on your Windows “Internal” network connection. Your routing table (route print) includes routing entries for those two IP addresses. Jim is right, though. For a fuller review of your system to better determine what is the underlying cause, information gathered using ISAInfo would be very helpful. Also, see http://www.microsoft.com/downloads/details.aspx?FamilyId=D22EC2B9-4CD3-4 for the latest ISA Best Practices Analyzer (ISAInfo included) which has a nice feature that will create a Visio diagram of your network as the ISA Server sees it – helps to visualize potential issues with routing, etc. Cordially yours, Jerry G. Young II Application Engineer Platform Engineering and Architecture NTT America, an NTT Communications Company 22451 Shaw Rd. Sterling, VA 20166 Office: 571-434-1319 Fax: 703-333-6749 Email: g.young@xxxxxxxx <mailto:g.young@xxxxxxxx> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of James May Sent: Monday, July 16, 2007 2:15 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Event id error messages 14147 Jerry, Actually I just check my internal address range was defined 192.168.100.0 – 192.168.100.255 and the same address range was defined for the subnets. I changed them to 192.168.100.1 – 192.168.100.254 Jim May From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of James May Sent: Monday, July 16, 2007 10:48 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Event id error messages 14147 Jerry, Yes I have defined the internal network adaptor for the subnet the isa server resides 192.168.100.0 – 192.168.100.254 I have 3 Dial up vpn connections 1 for each remote site and internal defined under networks. In the ISA mmc console I have no gateway defined for the internal network card only and external gateway is defined on the wan nic I have the subnet mask defined on the internal nic 255.255.255.0 I’m using this ISA server for the following internet access for the location WSUS and vpn site to site connections. Each locations has its own isa server for the edge firewall protecting the internal network. If I try to define the subnets as part of the internal network I will get and error message stating a networks cannot overlap. Should I change the subnet mask to class B on the internal nic__________ 255.255.0.0 and then reboot the computer and try redefining the internal network which will include the subnets? Thanks, Jim May From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Gerald G. Young Sent: Monday, July 16, 2007 9:01 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: Event id error messages 14147 ISA is basically saying that 192.168.0.0 and 192.168.0.255 are considered routable (traffic sent to them goes to a gateway) but they are not defined in your Internal network element. Did you set a range up as 192.168.0.1 – 192.168.0.254 in that network element? What are the settings for your internal NIC (IP address, subnet mask, gateway)? What ranges have you specified in your Internal network element? How many interfaces do you have on your ISA server? I think you need at least 5 (1 for each site to site tunnel + 1 for your internal network). What are you using the ISA server for? Just site to site VPN? Cordially yours, Jerry G. Young II Application Engineer Platform Engineering and Architecture NTT America, an NTT Communications Company 22451 Shaw Rd. Sterling, VA 20166 Office: 571-434-1319 Fax: 703-333-6749 Email: g.young@xxxxxxxx <mailto:g.young@xxxxxxxx> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of James May Sent: Monday, July 16, 2007 10:48 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Event id error messages 14147 Hello, I keep getting 14147 ISA Server detected routes through adapter "Internal" that do not correlate with the network element to which this adapter belongs. The address ranges in conflict are: 192.168.0.0-192.168.0.0; 192.168.0.255-192.168.0.255. Fix the network element and/or the routing table to make these ranges consistent; they should be in both or in neither. If you recently created a remote site network, check if the event recurs. If it does not, you may safely ignore this message. I have 4 PPTP site to site tunnels setup and I just cannot seed to get rid of this error message. I have followed the site to site procedure in the isa Tom’s 2004 Book and the network behind a network article published off isaserver.org. Can anyone help? It seems that all the ip addresses the error messages are referring to are the ones assigned to vpn clients or remote sites. Yes I have created objects for the subnets and I’m using them for access rules in the firewall policy. Thanks, Jim