RE: ISA 2004, VPN, Network behind a network

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 23 Feb 2005 18:38:32 -0800

The message "ISA Server detected routes" is normally caused by
misconfigured subnet definitions (VPN included) at the ISA.

If you wanna send your ISAInfo, I can help you sort this out.
Trying to describe your ISA configuration without it is like listening
to Andy spell the word "a" in a single try.

-----Original Message-----
From: Paul Crisp [mailto:pcrisp@xxxxxxxxxxxxxxxxx] 
Sent: Wednesday, February 23, 2005 4:24 PM
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA 2004, VPN, Network behind a network

OK,
I have been racking my brain about this all night.
First of all, I have successfully installed ISA 2004 and set up VPN
access, both client and site-2-site. The problem I am experiencing is
this.
 
As a remote access user myself, I want to be able to VPN into our ISA
2004 server (not a problem in itself, works fine), but I also want to
gain access to two other subnets behind our ISA 2004.
 
I have read all of the articles regarding networks behind networks and I
have added the relevant ranges to the Internal network, and I have
also created the necessary subnets and I have added manual persistent
routes as well. From the ISA server itself I can ping all subnets
without a problem, but as a VPN user I can only ever ping the subnet the
ISA itself sits on.
 
1 - What do I need to do to get this to work? I have been working at
home on this for the last 6 hrs!
 
Next question is, I keep getting this error:
 
ISA Server detected routes through adapter "Intel(R) PRO/100+ Server
Adapter (PILA8470B) (Microsoft's Packet Scheduler) " that do not
correlate with the network element to which this adapter belongs. The
address ranges in conflict are:
192.?.?.255-192.?.?.255;192.?.?.0-192.?.?.255;. Fix the network element
and/or the routing table to make these ranges consistent; they should be
in both or in neither. If you recently created a remote site network,
check if the event recurs. If it does not, you may safely ignore this
message. 
 
2 - Again, I have tried everything to add the correct address range to
the network, but this error persists. I did read an article on the
ISAServer.org forum and Tom said this can be ignored if all is working.
Is that correct, Tom?
 
Third and final question is a slightly strange one.
 
RRAS. I have also upgraded another ISA 2000 server to 2004 and although
the RRAS does not contain any interfaces apart from the standard
physical and loopback interfaces, the ISA server keeps getting this
error
 
Description: The VPN connection attempt by user
<computername>\WORCESTER_BILL could not be established. The failure is
due to error: 0xc0040021
 
3 - Although I haven't had this specific error with ISA 2000 before, I
have experienced interfaces disappearing and then suddenly appearing in
RRAS and Windows 2000. Can anyone shed any light?
 
All help is extremely appreciated, and if you require any more information
I will be pleased to pass it on.
 
Regards
 
Paul Crisp
Snr Network Support Analyst
Metal Bulletin PLC
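
The event quoted in this thread says conflicting ranges "should be in both or in neither", and the reply attributes it to misconfigured subnet definitions. The Python below is an added example, not part of the original thread and not ISA Server's own logic: it applies that rule to a constructed routing table and network definition, and every address and function name in it is an assumption.

```python
import ipaddress

# Constructed sample data (the thread's own addresses are masked): routes on
# the internal adapter, then the ranges entered for its network element.
SAMPLE_ROUTES = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
SAMPLE_ELEMENT = ["10.0.1.1-10.0.1.254", "10.0.2.0-10.0.2.255"]

def to_ranges(items):
    """Parse CIDR or 'start-end' strings into merged, sorted (lo, hi) ints."""
    spans = []
    for item in items:
        if "-" in item:
            lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in item.split("-"))
        else:
            net = ipaddress.IPv4Network(item)
            lo, hi = int(net.network_address), int(net.broadcast_address)
        spans.append((lo, hi))
    merged = []
    for lo, hi in sorted(spans):
        if merged and lo <= merged[-1][1] + 1:   # overlapping or adjacent
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def subtract(a, b):
    """Return the parts of ranges a that no range in b covers."""
    out = []
    for lo, hi in a:
        cur = lo
        for blo, bhi in b:
            if bhi >= cur and blo <= hi:         # b overlaps what is left of a
                if blo > cur:
                    out.append((cur, blo - 1))
                cur = bhi + 1
        if cur <= hi:
            out.append((cur, hi))
    return out

def fmt(ranges):
    return [f"{ipaddress.IPv4Address(lo)}-{ipaddress.IPv4Address(hi)}" for lo, hi in ranges]

def conflicts(adapter_routes, network_element):
    """Ranges present on only one side; two empty lists mean consistent."""
    routes, element = to_ranges(adapter_routes), to_ranges(network_element)
    return {"routed_not_in_element": fmt(subtract(routes, element)),
            "in_element_not_routed": fmt(subtract(element, routes))}

if __name__ == "__main__":
    print(conflicts(SAMPLE_ROUTES, SAMPLE_ELEMENT))
```

With the sample data, the definition that omits the network and broadcast addresses of the first subnet and the whole third subnet yields single-address conflicts plus one full-subnet conflict; entering full ranges for all three subnets clears both lists.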
 