RE: ISA Server detected routes
- From: "Thor \(Hammer of God\)" <thor@xxxxxxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 19 Dec 2005 12:14:02 -0800
Any idea about my SMTP deal Jimbo?
t
-----
"I may disapprove of what you say,
but I will defend to the death your
right to say it."
----- Original Message -----
From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, December 19, 2005 10:51 AM
Subject: [isalist] RE: ISA Server detected routes
http://www.ISAserver.org
ISA derives the "appropriate address list" for a network from the Windows
routing table.
Since Windows views all RFC-1918 addresses "classly", it defines the
broadcast ranges without regard to the netmask actually applied to the
interface.
According to RFC-1918, those "private" subnets are defined thusly:
10/8 (bcst == 10.255.255.255)
172.16/12 (bcst = 172.31.255.255)
192.168/16 (bcst == 192.168.255.255)
Thus, ISA expects to see the broadcast address defined for the network where
that subnet is defined.
Add that missing range to your perimeter network and these alerts will
cease.
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Monday, December 19, 2005 10:02
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA Server detected routes
http://www.ISAserver.org
I'm b###ered if I can get rid of this annoying message.
Isa 2004, the internal range is 192.168.1.0/24
The perimiter range is 10.30.30.0/24
The wan IP is 192.168.0.1
Any pointers?
ISA Server detected routes through adapter Wide Area Connection that do not
correlate with the network element to which this adapter belongs.
For best practice, the address range of an ISA Server network should match
the address ranges routable through the associated network adapter as
defined in the routing table. Otherwise valid packets may be dropped as
spoofed. (This alert may occur momentarily when you create a remote site
network. You may safely ignore this message if it does not
reoccur.) The address ranges in conflict are:
10.255.255.255-10.255.255.255;.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
thor@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts: