RE: Will this break the Firewall Service?

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 25 Mar 2003 18:37:21 -0600

Hi William,

Did you see Stefaan Pouseele's article on using off subnet addressing
and stub networks over at www.isaserver.org? It's quite good!

HTH,
Tom

Thomas W Shinder 
www.isaserver.org/shinder 
ISA Server and Beyond: http://tinyurl.com/1jq1 
Configuring ISA Server: http://tinyurl.com/1llp 



-----Original Message-----
From: William Robertson [mailto:william.robertson@xxxxxxxxx] 
Sent: Tuesday, March 25, 2003 8:06 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] RE: Will this break the Firewall Service?


http://www.ISAserver.org


Well, I have tried using a private/off-subnet IP Address range for the
pool of addresses available for VPN Clients, but I still have the
problem wherein my Firewall Service gets his knickers in a knot and won't
permit any normal outbound Firewall Client traffic.

Please could someone tell me what my (hopefully) obvious mistake is?

Cheers
William R.


-----Original Message-----
From: William Robertson [mailto:robertson.william@xxxxxxxxxxxxxx] 
Sent: 25 March 2003 10:39 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] Will this break the Firewall Service?



Hi there

Instead of posing my problem scenario, let me just ask the following:
(All IP Addresses have been changed to protect the innocent)

If I have an internal network using a Public Address range
123.123.x.x

and I have my ISA Server accepting VPN connections on the ISA's external
Interface
200.123.200.123

and I tell RRAS to assign IP Addresses to VPN Clients from a Pool of
addresses setup within RRAS
123.123.123.1 - 123.123.123.255

Will this cause a problem on my ISA Firewall? As I have it, my ISA
should get confused about where to send VPN traffic and then where to
send normal Internal LAN traffic? But that is not the problem, my VPN
connections work like a charm.

The problem is that when I connect via VPN I get many ISA Alerts such as:
- ISA Server detected a change in the IP routing table of the computer.
- ISA Server detected a change in the IP addresses of the computer.
- ISA Server detected that network interface card (NIC) WAN (PPP/SLIP)
  Interface, with IP address 123.123.123.1, was disabled.
- Microsoft Firewall failed. The failure occurred during Initialization
  of reverse Network Address Translation (NAT). (This message appears
  for each Server Publishing rule that I have)

And when this happens, all of my other outbound Firewall Connections
fail. E.g. All Server Publishing, SMTP Mail, Outbound SAP links. All Web
Proxy connections work like a charm, it just appears that the Firewall
Service has got a bit stuck.

To resolve this I need to restart ALL ISA Services, not just the
Firewall Service.

Can someone perhaps conclude whether the IP Addressing that I am using
could be the major cause of my problems? The thing is I can only test
again after hours so I am just trying to get my bag of tricks filled
with some ideas from you guys before I tackle the problem later.

Cheers
William R.

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Exchange Server Resource Site: http://www.msexchange.org/
Windows Security Resource Site: http://www.windowsecurity.com/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
robertson.william@xxxxxxxxxxxxxx
To unsubscribe send a blank email to
$subst('Email.Unsub')

