RE: Problem with Routing and ISA 2004

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Sun, 17 Oct 2004 17:47:07 -0700

See if this helps you sort it out:
http://isaserver.org/articles/2004netinnet.html

It doesn't deal specifically with your scenario, but it should give you
a hint of what ISA expects to know about "remote" networks.

  Jim Harrison
  MCP(NT4, W2K), A+, Network+, PCG
  http://isaserver.org/Jim_Harrison/
  http://isatools.org
  Read the help / books / articles!

-----Original Message-----
From: William Holmes [mailto:wtholmes@xxxxxxxxxxxxxx] 
Sent: Sunday, October 17, 2004 09:49
To: [ISAserver.org Discussion List]
Subject: [isalist] Problem with Routing and ISA 2004

http://www.ISAserver.org

Hello,

I have ISA2004 setup with three adapters.

First adapter: internal
Second adapter: external
Third adapter: Remote network available through a private Hardware VPN.

ISA Network Relationships.

Internal to external (NAT)
Internal to remote (NAT)

Network Rules allow traffic from the internal to external
Network Rules allow traffic from internal to remote.

If I bring up both interfaces I can not communicate with the external
network
at all. I get the following error message in the isa logs.

Description: ISA Server detected routes through adapter "cs.cornell.edu"
that
do not correlate with the network element to which this adapter belongs.
The
address ranges in conflict are:
128.84.96.0-128.84.99.255;128.84.103.0-128.84.103.127;128.84.223.0-128.8
4.223
.255;128.84.227.0-128.84.227.255;. Fix the network element and/or the
routing
table to make these ranges consistent; they should be in both or in
neither.
If you recently created a remote site network, check if the event
recurs. If
it does not, you may safely ignore this message. 

ISA Server detected routes through adapter "rr.com (external)" that do
not
correlate with the network element to which this adapter belongs. The
address
ranges in conflict are:
128.84.96.0-128.84.99.255;128.84.103.0-128.84.103.127;128.84.223.0-128.8
4.223
.255;128.84.227.0-128.84.227.255;. Fix the network element and/or the
routing
table to make these ranges consistent; they should be in both or in
neither.
If you recently created a remote site network, check if the event
recurs. If
it does not, you may safely ignore this message. 

I have added each of the networks reachable on the other end of the
hardware
VPN in the RRAS static routes section. How can I get rid of this
conflit.
This setup was working fine for a month and then just stopped. 

Thanks

Bill

William Holmes (MCP)
Department of Computer Science
310 Upson Hall
Cornell University
Ithaca, NY 14853
wtholmes@xxxxxxxxxxxxxx
607 255-1757 (o) 607 227-6049 (c)
 

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com
Leading Network Software Directory: http://www.serverfiles.com
No.1 Exchange Server Resource Site: http://www.msexchange.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx

All mail to and from this domain is GFI-scanned.



Other related posts: