RE: S2S VPN: why are static routes sometimes needed?
- From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
- To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
- Date: Sun, 8 Jan 2006 14:30:16 -0600
By using the ROUTE ADD command.
Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://spaces.msn.com/members/drisa/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls
**Who is John Galt?**
> -----Original Message-----
> From: MJ [mailto:mjtech@xxxxxxxxx]
> Sent: Sunday, January 08, 2006 2:25 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: S2S VPN: why are static routes
> sometimes needed?
>
> http://www.ISAserver.org
>
> ok then how will it reach this route:
>
> Network Destination Netmask Gateway
> Interface Metric
> 192.168.1.0 255.255.255.0 10.254.253.1
> 10.254.253.10 1
>
> if there is no gateway(10.254.253.1) configured on the
> interface(10.254.253.10)?
>
> just wondering.
>
> Thanks
>
> From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> Sent: Sunday, January 08, 2006 3:16 PM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] RE: S2S VPN: why are static routes
> sometimes needed?
>
>
> http://www.ISAserver.org
>
> Routing table entries.
>
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://spaces.msn.com/members/drisa/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> **Who is John Galt?**
>
>
>
> > -----Original Message-----
> > From: MJ [mailto:mjtech@xxxxxxxxx]
> > Sent: Sunday, January 08, 2006 2:09 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: S2S VPN: why are static routes
> > sometimes needed?
> >
> > http://www.ISAserver.org
> >
> > then how will ISA reach all routes outside it's own subnet?
> >
> > -----Original Message-----
> > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx]
> > Sent: Sunday, January 08, 2006 3:03 PM
> > To: [ISAserver.org Discussion List]
> > Subject: [isalist] RE: S2S VPN: why are static routes
> > sometimes needed?
> >
> >
> > http://www.ISAserver.org
> >
> > Having a default gateway configured on the internal interface
> > will cause
> > BIG problems.
> >
> > Thomas W Shinder, M.D.
> > Site: www.isaserver.org
> > Blog: http://spaces.msn.com/members/drisa/
> > Book: http://tinyurl.com/3xqb7
> > MVP -- ISA Firewalls
> > **Who is John Galt?**
> >
> >
> >
> > > -----Original Message-----
> > > From: MJ [mailto:mjtech@xxxxxxxxx]
> > > Sent: Sunday, January 08, 2006 1:59 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: S2S VPN: why are static routes
> > > sometimes needed?
> > >
> > > http://www.ISAserver.org
> > >
> > > Will not having a default gateway on the inside interface
> casue this
> > > problem?
> > >
> > > -----Original Message-----
> > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > > Sent: Sunday, January 08, 2006 1:53 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: S2S VPN: why are static routes
> > > sometimes needed?
> > >
> > >
> > > http://www.ISAserver.org
> > >
> > > In order to solve this question, you need to compare:
> > > - windows routing table (route print)
> > > - Windows IP configuration (ipconfig)
> > > - ISA network object addresses
> > >
> > > If there are *any* addresses defined in an ISA network
> > > address list that
> > > disagree with the Windows routing table, you'll see these alerts.
> > >
> > > --------------------------------------------
> > > Jim Harrison
> > > MCP(NT4, W2K), A+, Network+, PCG
> > > http://isaserver.org/Jim_Harrison/
> > > http://isatools.org
> > > Read the help / books / articles!
> > > --------------------------------------------
> > >
> > > -----Original Message-----
> > > From: MJ [mailto:mjtech@xxxxxxxxx]
> > > Sent: Sunday, January 08, 2006 10:44 AM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: S2S VPN: why are static routes
> > > sometimes needed?
> > >
> > > http://www.ISAserver.org
> > >
> > > thanks for responding.
> > > what you're saying makes sense to me, but what the error
> message is
> > > talking
> > > about is something else.
> > > this is something that I don't see through "route print"
> > > here is all the message:
> > > --------------------------------------------------------------
> > > ----------
> > > ----
> > > -------------------------------------------------
> > > Description: ISA Server detected routes through adapter
> > > InternalConnection
> > > that do not correlate with the network element to which
> this adapter
> > > belongs. For best practice, the address range of an ISA
> > Server network
> > > should match the address ranges routable through the
> > > associated network
> > > adapter as defined in the routing table. Otherwise valid
> > > packets may be
> > > dropped as spoofed. (This alert may occur momentarily when
> > > you create a
> > > remote site network. You may safely ignore this message if
> > it does not
> > > reoccur.) The address ranges in conflict are:
> > > 10.1.10.0-10.1.10.15;10.2.0.0-10.2.0.255;10.2.1.16-10.2.1.48;1
> > > 0.2.1.51-1
> > > 0.2.
> > > 1.55;10.2.1.64-10.2.1.80;10.2.1.83-10.2.2.255;10.2.5.0-10.2.16
> > > .51;10.2.1
> > > 6.53
> > > -10.2.255.255;10.192.0.0-10.192.1.255;10.192.3.0-10.192.190.25
> > > 5;10.192.1
> > > 93.0
> > > -10.192.255.255;10.249.0.0-10.249.1.4;10.249.1.6-10.249.2.255;
> > > 10.249.4.0
> > > -10.
> > > 249.4.255;10.249.6.0-10.249.6.255;10.249.8.0-10.249.9.255;10.2
> > > 49.12.0-10
> > > .249
> > > .255.255;10.254.237.0-10.254.245.255;10.254.255.0-10.254.255.2
> > > 55;172.16.
> > > 0.0-
> > > 172.16.252.255;172.16.254.0-172.16.255.255;192.168.0.0-192.168
> > > .19.255;19
> > > 2.16
> > > 8.30.0-192.168.99.255;192.168.115.0-192.168.118.255;192.168.13
> > > 5.0-192.16
> > > 8.13
> > > 5.255;192.168.137.0-192.168.141.255;192.168.161.0-192.168.162.
> > > 255;192.16
> > > 8.16
> > > 6.0-192.168.166.255;192.168.168.0-192.168.168.255;192.168.182.
> > > 0-192.168.
> > > 198.
> > > 255;192.168.200.0-192.168.200.255;192.168.211.0-192.168.211.25
> > > 5;192.168.
> > > 223.
> > > 0-192.168.223.255;192.168.225.0-192.168.225.255;192.168.236.0-
> > > 192.168.24
> > > 4.25
> > > 5;192.168.246.0-192.168.247.255;192.168.249.0-192.168.253.255;
> > > 192.168.25
> > > 5.0-
> > > 192.168.255.255;.
> > > <br>ISA Server detected routes through adapter
> > InternetConnection that
> > > do
> > > not correlate with the network element to which this
> > adapter belongs.
> > > For
> > > best practice, the address range of an ISA Server network
> > should match
> > > the
> > > address ranges routable through the associated network adapter as
> > > defined in
> > > the routing table. Otherwise valid packets may be dropped
> > as spoofed.
> > > (This
> > > alert may occur momentarily when you create a remote site
> > network. You
> > > may
> > > safely ignore this message if it does not reoccur.) The
> > > address ranges
> > > in
> > > conflict are:
> > > 10.2.0.0-10.2.0.255;10.2.1.16-10.2.1.48;10.2.1.51-10.2.1.55;10
> > > .2.1.64-10
> > > .2.1
> > > .80;10.2.1.83-10.2.2.255;10.2.5.0-10.2.16.51;10.2.16.53-10.2.2
> > > 55.255;10.
> > > 192.
> > > 0.0-10.192.1.255;10.192.3.0-10.192.190.255;10.192.193.0-10.192
> > > .255.255;1
> > > 0.24
> > > 9.0.0-10.249.1.4;10.249.1.6-10.249.2.255;10.249.4.0-10.249.4.2
> > > 55;10.249.
> > > 6.0-
> > > 10.249.6.255;10.249.8.0-10.249.9.255;10.249.12.0-10.249.255.25
> > > 5;10.254.2
> > > 37.0
> > > -10.254.245.255;10.254.255.0-10.254.255.255;172.16.0.0-172.16.
> > > 252.255;17
> > > 2.16
> > > .254.0-172.16.255.255;192.168.0.0-192.168.19.255;192.168.30.0-
> > > 192.168.99
> > > .255
> > > ;192.168.115.0-192.168.118.255;192.168.135.0-192.168.135.255;1
> > > 92.168.137
> > > .0-1
> > > 92.168.141.255;192.168.161.0-192.168.162.255;192.168.166.0-192
> > > .168.166.2
> > > 55;1
> > > 92.168.168.0-192.168.168.255;192.168.182.0-192.168.198.255;192
> > > .168.200.0
> > > -192
> > > .168.200.255;192.168.211.0-192.168.211.255;192.168.223.0-192.1
> > > 68.223.255
> > > ;192
> > > .168.225.0-192.168.225.255;192.168.236.0-192.168.244.255;192.1
> > > 68.246.0-1
> > > 92.1
> > > 68.247.255;192.168.249.0-192.168.253.255;192.168.255.0-192.168
> > > .255.255;1
> > > 0.1.
> > > 10.0-10.1.10.15;10.255.255.255-10.255.255.255;.
> > > --------------------------------------------------------------
> > > ----------
> > > ----
> > > -------------------------------------------------
> > >
> > > Thanks
> > >
> > > -----Original Message-----
> > > From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxxxx]
> > > Sent: Sunday, January 08, 2006 1:37 PM
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: S2S VPN: why are static routes
> > > sometimes needed?
> > >
> > >
> > > http://www.ISAserver.org
> > >
> > > Hi Roy,
> > >
> > > I'm not sure I understand your question!?!?
> > >
> > > If I'm the administrator of ISA-A, I define the remote network
> > > 192.168.44.0/24 as reachable through the tunnel endpoint
> > 192.168.1.30.
> > > Now,
> > > 192.168.1.0/24 is a directly connected network. Why do I need
> > > to create
> > > a
> > > static route for 192.168.44.0/24 with Gateway
> 192.168.1.30 before it
> > > works?
> > >
> > > Thanks,
> > > Stefaan
> > >
> > > -----Original Message-----
> > > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
> > > Sent: zondag 8 januari 2006 14:12
> > > To: [ISAserver.org Discussion List]
> > > Subject: [isalist] RE: S2S VPN: why are static routes
> > > sometimes needed?
> > >
> > > http://www.ISAserver.org
> > >
> > > Hi Stefaan,
> > >
> > > Let us cencer on your initial diagrams you illustruated.
> > > In case the S2S VPN is within the protected network of ISA,
> > > it would be
> > > another story.
> > >
> > > If your saying "The route decision should be made on the outer IP
> > > header"
> > > is correct, why you need to addup a static route from ISA-A
> > > to internal
> > > network ID of ISA-B, then why you ask for this question??
> > >
> > > Thanks,
> > >
> > > Roy Tsao
> > >
> > > > Hi Roy,
> > > >
> > > > You wrote "ISA decides route before processing ESP". That
> > would be a
> > > > very stupid way of determining the route! The route
> > > decision should be
> > > > made on the outer IP header (the tunnel) and not on the inner IP
> > > > header (the encapsulated traffic). In my case the remote tunnel
> > > > endpoint is on a direct connected network. So, the router RTR
> > > shouldn't be
> > > envolved at all.
> > > >
> > > > As an example, two more diagrams were a S2S VPN
> > connection is needed
> > > > through a partner connection:
> > > >
> > > > +--- [RT1] --- Internet
> > > > LAN --- [ISA] ---+
> > > > +--- [RT2] --- Partner Network
> > > >
> > > >
> > > > LAN --- [ISA] --- [RT1] --- Internet
> > > > !
> > > > +------ [RT2] --- Partner Network
> > > >
> > > >
> > > > Thanks,
> > > > Stefaan
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Roy Tsao [mailto:roy_tsao@xxxxxxxxxxxx]
> > > > Sent: zondag 8 januari 2006 9:24
> > > > To: [ISAserver.org Discussion List]
> > > > Subject: [isalist] RE: S2S VPN: why are static routes sometimes
> > > needed?
> > > >
> > > > http://www.ISAserver.org
> > > >
> > > >
> > > > Hi Stefaan,
> > > >
> > > > After various lab test by me and also other ISA fans, we
> > suspect in
> > > our
> > > > environment, you can add up a static route from
> upstream router to
> > > ISA-B's
> > > > external NIC. This is becuase
> > > > - no route tale change at ISA after enable S2S IPsec Tunnel VPN
> > > > - ISA decides route before processing ESP
> > > > - ESP is sent based on fixed route when packet exit ISA.
> > > > - when upstream router receive ESP heading for ISA-B's
> > > exernal NIC, it
> > > has
> > > > no route information at all!
> > > >
> > > > To addup a static route at ISA-A to ISA-B's internal
> > > network ID is one
> > > of
> > > > soultion based on above reason. However, is it more
> > proper to set up
> > > adjust
> > > > route setting at upstream route? or any reason like
> > security concern
> > > is
> > > > there making impossible?
> > > >
> > > > As for your 2nd test scenario, may I understand the failure
> > > is due to
> > > > diabled packet relay at router side?
> > > >
> > > >
> > > >
> > > > > Hi Jim,
> > > > >
> > > > > OK, I took up the challenge and replaced ISA-B with a
> > Windows 2003
> > > > > RRAS server :-)
> > > > >
> > > > > With the help of
> > > > >
> http://support.microsoft.com/default.aspx?scid=kb;en-us;816514 I
> > > > > configured an IPSec tunnel to the ISA-A. Guess what... you are
> > > right!
> > > > > I found exact the same behavior.
> > > > >
> > > > > I even simplified further the test environment as follows:
> > > > >
> > > > > 192.168.1.0/24
> > > > > vvv
> > > > > LAN-A -------- [ISA-A] ---+
> > > > > 192.168.22.0/24 .10 !
> > > > > +--- [RTR] --- Internet
> > > > > ! .1
> > > > > .30 !
> > > > > LAN-B -------- [ISA-B] ---+
> > > > > 192.168.44.0/24
> > > > >
> > > > >
> > > > > On ISA-A:
> > > > > ---------
> > > > >
> > > > > Remote Site Network contains:
> > > > > - 192.168.1.30/32
> > > > > - 192.168.44.0/24
> > > > >
> > > > > If Default gateway = 192.168.1.1 then the static route
> > > > > '192.168.44.0/24 Gateway 192.168.1.30' is needed.
> > > > > If Default gateway = 192.168.1.30 then no static routes
> > > are needed.
> > > > >
> > > > >
> > > > > On ISA-B:
> > > > > ---------
> > > > >
> > > > > Remote Site Network contains:
> > > > > - 192.168.1.10/32
> > > > > - 192.168.22.0/24
> > > > >
> > > > > If Default gateway = 192.168.1.1 then the static route
> > > > > '192.168.22.0/24 Gateway 192.168.1.10' is needed.
> > > > > If Default gateway = 192.168.1.10 then no static routes
> > > are needed.
> > > > >
> > > > >
> > > > > Thanks,
> > > > > Stefaan
> > > > >
> > > > > -----Original Message-----
> > > > > From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
> > > > > Sent: dinsdag 27 december 2005 21:23
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] RE: S2S VPN: why are static routes
> sometimes
> > > needed?
> > > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > That is odd, but I'll bet you find that this behavior
> > is the same
> > > > > without ISA.
> > > > > RRAS and the TCP/IP stack, not ISA, handle the actual packet
> > > routing.
> > > > >
> > > > > --------------------------------------------
> > > > > Jim Harrison
> > > > > MCP(NT4, W2K), A+, Network+, PCG
> > > > > http://isaserver.org/Jim_Harrison/
> > > > > http://isatools.org
> > > > > Read the help / books / articles!
> > > > > --------------------------------------------
> > > > > -----Original Message-----
> > > > > From: Stefaan Pouseele [mailto:stefaan.pouseele@xxxxxxxxx]
> > > > > Sent: Tuesday, December 27, 2005 4:58 AM
> > > > > To: [ISAserver.org Discussion List]
> > > > > Subject: [isalist] S2S VPN: why are static routes
> > > sometimes needed?
> > > > >
> > > > > http://www.ISAserver.org
> > > > >
> > > > > Hi,
> > > > >
> > > > > it seems that if a S2S VPN connection of type IPSec
> > Tunnel is used
> > > and
> > > > > if the remote tunnel endpoint can't be reached through
> > the default
> > > > > gateway, then you need to create extra static routes for
> > > the remote
> > > > > network ID's reachable through that remote tunnel
> > > endpoint. I don't
> > > > > understand why this is needed? Take note that there were
> > > no problems
> > > > > in setting up the IPSec MM and QM SA's!
> > > > >
> > > > > To explain it better, here is a little diagram of the
> lab setup:
> > > > >
> > > > > 192.168.1.0/24
> > > > > vvv
> > > > > LAN-A -------- [ISA-A] ---+
> > > > > 192.168.22.0/24 .10 !
> > > > > +--- [RTR] --- Internet
> > > > > ! .1
> > > > > .30 !
> > > > > [RTR-B]
> > > > > ! .1
> > > > > .10 !
> > > > > LAN-B -------- [ISA-B] ---+
> > > > > 192.168.44.0/24 ^^^
> > > > > 192.168.11.0/24
> > > > >
> > > > >
> > > > > On ISA-A:
> > > > > ---------
> > > > >
> > > > > Remote Site Network contains:
> > > > > - 192.168.11.10/32
> > > > > - 192.168.44.0/24
> > > > >
> > > > > Default gateway: 192.168.1.1
> > > > >
> > > > > Static routes configured:
> > > > > - 192.168.11.0/24 Gateway 192.168.1.30
> > > > > - 192.168.44.0/24 Gateway 192.168.1.30 <<<< WHY is this
> > one needed
> > > ???
> > > > >
> > > > >
> > > > > On ISA-B:
> > > > > ---------
> > > > >
> > > > > Remote Site Network contains:
> > > > > - 192.168.1.10/32
> > > > > - 192.168.22.0/24
> > > > >
> > > > > Default Gateway: 192.168.11.1
> > > > >
> > > > > No static routes configured.
> > > > >
> > > > >
> > > > > Test:
> > > > > -----
> > > > >
> > > > > From a host on LAN-B ping a host on LAN-A. Without the
> > > static route
> > > > > '192.168.44.0/24 Gateway 192.168.1.30' on ISA-A, I can
> > > see the ping
> > > > > request and reply on LAN-A but the reply never makes
> it back to
> > > LAN-B.
> > > > > The ping reply just disappeared into thin air! Creating
> > the static
> > > > > route and bingo, it works. What's the logic behind this
> > behavior?
> > > > >
> > > > >
> > > > > Thanks,
> > > > > Stefaan
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > mjtech@xxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > jim@xxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > > All mail to and from this domain is GFI-scanned.
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org
> > Discussion List as:
> > > mjtech@xxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> > > ------------------------------------------------------
> > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > ISA Server Newsletter:
> http://www.isaserver.org/pages/newsletter.asp
> > > ISA Server FAQ:
> http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > > ------------------------------------------------------
> > > Visit TechGenix.com for more information about our other sites:
> > > http://www.techgenix.com
> > > ------------------------------------------------------
> > > You are currently subscribed to this ISAserver.org Discussion
> > > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > > To unsubscribe visit
> > > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > > Report abuse to listadmin@xxxxxxxxxxxxx
> > >
> > >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org
> Discussion List as:
> > mjtech@xxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
> > ------------------------------------------------------
> > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> > ------------------------------------------------------
> > Visit TechGenix.com for more information about our other sites:
> > http://www.techgenix.com
> > ------------------------------------------------------
> > You are currently subscribed to this ISAserver.org Discussion
> > List as: tshinder@xxxxxxxxxxxxxxxxxx
> > To unsubscribe visit
> > http://www.webelists.com/cgi/lyris.pl?enter=isalist
> > Report abuse to listadmin@xxxxxxxxxxxxx
> >
> >
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> mjtech@xxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Visit TechGenix.com for more information about our other sites:
> http://www.techgenix.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion
> List as: tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe visit
> http://www.webelists.com/cgi/lyris.pl?enter=isalist
> Report abuse to listadmin@xxxxxxxxxxxxx
>
>
Other related posts:
