See if this helps you sort it out: http://isaserver.org/articles/2004netinnet.html It doesn't deal specifically with your scenario, but it should give you a hint of what ISA expects to know about "remote" networks. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -----Original Message----- From: William Holmes [mailto:wtholmes@xxxxxxxxxxxxxx] Sent: Sunday, October 17, 2004 09:49 To: [ISAserver.org Discussion List] Subject: [isalist] Problem with Routing and ISA 2004 http://www.ISAserver.org Hello, I have ISA2004 setup with three adapters. First adapter: internal Second adapter: external Third adapter: Remote network available through a private Hardware VPN. ISA Network Relationships. Internal to external (NAT) Internal to remote (NAT) Network Rules allow traffic from the internal to external Network Rules allow traffic from internal to remote. If I bring up both interfaces I can not communicate with the external network at all. I get the following error message in the isa logs. Description: ISA Server detected routes through adapter "cs.cornell.edu" that do not correlate with the network element to which this adapter belongs. The address ranges in conflict are: 128.84.96.0-128.84.99.255;128.84.103.0-128.84.103.127;128.84.223.0-128.8 4.223 .255;128.84.227.0-128.84.227.255;. Fix the network element and/or the routing table to make these ranges consistent; they should be in both or in neither. If you recently created a remote site network, check if the event recurs. If it does not, you may safely ignore this message. ISA Server detected routes through adapter "rr.com (external)" that do not correlate with the network element to which this adapter belongs. The address ranges in conflict are: 128.84.96.0-128.84.99.255;128.84.103.0-128.84.103.127;128.84.223.0-128.8 4.223 .255;128.84.227.0-128.84.227.255;. Fix the network element and/or the routing table to make these ranges consistent; they should be in both or in neither. If you recently created a remote site network, check if the event recurs. If it does not, you may safely ignore this message. I have added each of the networks reachable on the other end of the hardware VPN in the RRAS static routes section. How can I get rid of this conflit. This setup was working fine for a month and then just stopped. Thanks Bill William Holmes (MCP) Department of Computer Science 310 Upson Hall Cornell University Ithaca, NY 14853 wtholmes@xxxxxxxxxxxxxx 607 255-1757 (o) 607 227-6049 (c) ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.