[isalist] Re: Subnetted & now ISA problems

  • From: "Rascher William" <wrascher@xxxxxxxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 10 Jul 2008 14:48:14 -0500

http://www.ISAserver.org
-------------------------------------------------------

Amy,

I went to Configuration/Networks/Address ranges and added the subnets
within ISA. We separated each campus, administration, & management into
a subnet/VLAN.

William

Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 60 08 ae ce 00 ...... 3Com 3C905TX-based Ethernet Adapter
(Generic)
0x10004 ...00 a0 c9 cf ba b2 ...... Intel(R) PRO/100B PCI Adapter (TX)
#2
========================================================================
===
Active Routes:
Network Destination        Netmask          Gateway       Interface
Metric
          0.0.0.0          0.0.0.0       10.114.0.1       10.114.0.2
20
         10.1.0.0      255.255.0.0        10.10.1.2        10.10.1.1
1
         10.2.0.0      255.255.0.0        10.10.1.2        10.10.1.1
1
         10.3.0.0      255.255.0.0        10.10.1.2        10.10.1.1
1
         10.4.0.0      255.255.0.0        10.10.1.2        10.10.1.1
1
        10.10.0.0      255.255.0.0        10.10.1.1        10.10.1.1
20
        10.10.1.1  255.255.255.255        127.0.0.1        127.0.0.1
20
        10.10.1.3  255.255.255.255        127.0.0.1        127.0.0.1
20
        10.11.0.0      255.255.0.0        10.10.1.2        10.10.1.1
1
       10.114.0.0      255.255.0.0       10.114.0.2       10.114.0.2
20
       10.114.0.2  255.255.255.255        127.0.0.1        127.0.0.1
20
       10.114.0.5  255.255.255.255        127.0.0.1        127.0.0.1
20
   10.255.255.255  255.255.255.255        10.10.1.1        10.10.1.1
20
   10.255.255.255  255.255.255.255       10.114.0.2       10.114.0.2
20
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1
1
        224.0.0.0        240.0.0.0        10.10.1.1        10.10.1.1
20
        224.0.0.0        240.0.0.0       10.114.0.2       10.114.0.2
20
  255.255.255.255  255.255.255.255        10.10.1.1        10.10.1.1
1
  255.255.255.255  255.255.255.255       10.114.0.2       10.114.0.2
1
Default Gateway:        10.114.0.1
========================================================================
===
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
         10.1.0.0      255.255.0.0        10.10.1.2       1
         10.2.0.0      255.255.0.0        10.10.1.2       1
         10.3.0.0      255.255.0.0        10.10.1.2       1
         10.4.0.0      255.255.0.0        10.10.1.2       1
        10.11.0.0      255.255.0.0        10.10.1.2       1

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Amy Babinchak
Sent: Thursday, July 10, 2008 14:34
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: Subnetted & now ISA problems

http://www.ISAserver.org
-------------------------------------------------------
  
William,

How did you configure the ISA server to recognize the new subnets? (as
an aside...wow, that's a lot of subnets for a small network)

Let's see the routing table and what your Internal network definition
is.

thanks,

Amy Babinchak


Harbor Computer Services |(248) 850-8616

Tech Blog http://securesmb.harborcomputerservices.net
Client Blog http://smalltechnotes.blogspot.com
Website http://www.harborcomputerservices.net

Buy My House http://tinyurl.com/5gb5n8

-----Original Message-----
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Rascher William
Sent: Thursday, July 10, 2008 3:21 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Subnetted & now ISA problems

http://www.ISAserver.org
-------------------------------------------------------
  
We have just finished dividing our network into 6 subnets and subnets
other than the one ISA 2006/Server 2003 are on have long delays before a
web page is displayed.  Most of the images don't load.  Would someone
point me in the right direction for a solution?  

William

Firewall log shows;
Denied, 0xc0040017, -, HTTP Proxy,
A non-SYN packet was dropped because it was sent by a source that does
not have an established connection with the ISA Server computer.

Denied, 0xc0040014, -, Unidentified IP Traffic
A packet was dropped because ISA Server determined that the source IP
address is spoofed.

Web log shows;
10.2.0.204, anonymous, -, Y, 7/10/2008, 12:15:13, -, -, -, stj.msn.com,
10.10.1.1, 80, -, -, -, http, TCP, GET,
http://stj.msn.com/br/hp/en-us/js/50/hptr.js, -, -, 10054, -, External
Access rule, Req ID: 073473c7 , -, -, 0x2, Failed, -, -
10.2.0.204, anonymous, -, Y, 7/10/2008, 12:15:14, -, -, -, www.msn.com,
207.68.173.231, 80, -, -, -, http, TCP, GET, http://www.msn.com/, -, -,
200, -, External Access rule, Req ID: 073473c5 , -, -, 0x400, Allowed,
-, -
10.2.0.204, anonymous, -, Y, 7/10/2008, 12:15:14, -, -, -, stj.msn.com,
10.10.1.1, 80, -, -, -, http, TCP, GET,
http://stj.msn.com/br/hp/en-us/js/50/hp.js, -, -, 10054, -, External
Access rule, Req ID: 073473c8 , -, -, 0x882, Failed, -, -
10.2.0.204, anonymous, -, Y, 7/10/2008, 12:15:43, -, -, -, stj.msn.com,
10.10.1.1, 80, -, -, -, http, TCP, GET,
http://stj.msn.com/br/hp/en-us/js/50/hptr.js, -, -, 10054, -, External
Access rule, Req ID: 073473d9 , -, -, 0x802, Failed, -, -
10.2.0.204, anonymous, -, Y, 7/10/2008, 12:15:43, -, -, -, www.msn.com,
207.68.173.231, 80, -, -, -, http, TCP, GET, http://www.msn.com/, -, -,
200, -, External Access rule, Req ID: 073473d7 , -, -, 0xd00, Allowed,
-, -
10.2.0.204, anonymous, -, Y, 7/10/2008, 12:15:43, -, -, -, stj.msn.com,
10.10.1.1, 80, -, -, -, http, TCP, GET,
http://stj.msn.com/br/hp/en-us/js/50/hp.js, -, -, 10054, -, External
Access rule, Req ID: 073473da , -, -, 0x882, Failed, -, -

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 



------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/  
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp 
ISA Server Articles and Tutorials:
http://www.isaserver.org/articles_tutorials/ 
ISA Server Blogs: http://blogs.isaserver.org/ 
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com 
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp 
Report abuse to listadmin@xxxxxxxxxxxxx 

------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx

Other related posts:

  1. Home
  2. isalist
  3. Archive
  4. 07-2008