RE: ISA Server detected routes

  • From: "Thor \(Hammer of God\)" <thor@xxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Mon, 19 Dec 2005 12:14:02 -0800

Any idea about my SMTP deal Jimbo?

t

-----
"I may disapprove of what you say,
but I will defend to the death your
right to say it."


----- Original Message ----- From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, December 19, 2005 10:51 AM
Subject: [isalist] RE: ISA Server detected routes


http://www.ISAserver.org

ISA derives the "appropriate address list" for a network from the Windows routing table.
Since Windows views all RFC-1918 addresses "classly", it defines the broadcast ranges without regard to the netmask actually applied to the interface.
According to RFC-1918, those "private" subnets are defined thusly:
10/8 (bcst == 10.255.255.255)
172.16/12 (bcst = 172.31.255.255)
192.168/16 (bcst == 192.168.255.255)

Thus, ISA expects to see the broadcast address defined for the network where that subnet is defined.
Add that missing range to your perimeter network and these alerts will cease.


-------------------------------------------------------
  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!
-------------------------------------------------------


-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Monday, December 19, 2005 10:02
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA Server detected routes

http://www.ISAserver.org

I'm b###ered if I can get rid of this annoying message.

Isa 2004, the internal range is 192.168.1.0/24

The perimiter range is 10.30.30.0/24

The wan IP is 192.168.0.1

Any pointers?



ISA Server detected routes through adapter Wide Area Connection that do not correlate with the network element to which this adapter belongs.
For best practice, the address range of an ISA Server network should match the address ranges routable through the associated network adapter as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network. You may safely ignore this message if it does not
reoccur.) The address ranges in conflict are:
10.255.255.255-10.255.255.255;.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.


------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as: thor@xxxxxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx




Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 12-2005