RE: ISA Server detected routes

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 19 Dec 2005 10:51:37 -0800

ISA derives the "appropriate address list" for a network from the Windows 
routing table.
Since Windows views all RFC-1918 addresses "classly", it defines the broadcast 
ranges without regard to the netmask actually applied to the interface.
According to RFC-1918, those "private" subnets are defined thusly:
10/8 (bcst == 10.255.255.255)
172.16/12 (bcst = 172.31.255.255)
192.168/16 (bcst == 192.168.255.255)

Thus, ISA expects to see the broadcast address defined for the network where 
that subnet is defined.
Add that missing range to your perimeter network and these alerts will cease.


-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxx] 
Sent: Monday, December 19, 2005 10:02
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA Server detected routes

http://www.ISAserver.org

I'm b###ered if I can get rid of this annoying message.

Isa 2004, the internal range is 192.168.1.0/24

The perimiter range is 10.30.30.0/24

The wan IP is 192.168.0.1

Any pointers?



 ISA Server detected routes through adapter Wide Area Connection that do not 
correlate with the network element to which this adapter belongs.
For best practice, the address range of an ISA Server network should match the 
address ranges routable through the associated network adapter as defined in 
the routing table. Otherwise valid packets may be dropped as spoofed. (This 
alert may occur momentarily when you create a remote site network. You may 
safely ignore this message if it does not
reoccur.)  The address ranges in conflict are:
10.255.255.255-10.255.255.255;.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: 
jim@xxxxxxxxxxxx To unsubscribe visit 
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 12-2005