RE:
- From: "Steve Moffat" <steve@xxxxxxxxxx>
- To: "ISA Mailing List" <isalist@xxxxxxxxxxxxx>
- Date: Mon, 19 Dec 2005 15:09:12 -0400
Yah...sussed that out, but I took the easy way out, changed the
subnet...:)
-----Original Message-----
From: Jim Harrison [mailto:Jim@xxxxxxxxxxxx]
Sent: Monday, December 19, 2005 2:52 PM
To: ISA Mailing List
Subject:
http://www.ISAserver.org
ISA derives the "appropriate address list" for a network from the
Windows routing table.
Since Windows views all RFC-1918 addresses "classly", it defines the
broadcast ranges without regard to the netmask actually applied to the
interface.
According to RFC-1918, those "private" subnets are defined thusly:
10/8 (bcst == 10.255.255.255)
172.16/12 (bcst = 172.31.255.255)
192.168/16 (bcst == 192.168.255.255)
Thus, ISA expects to see the broadcast address defined for the network
where that subnet is defined.
Add that missing range to your perimeter network and these alerts will
cease.
-------------------------------------------------------
Jim Harrison
MCP(NT4, W2K), A+, Network+, PCG
http://isaserver.org/Jim_Harrison/
http://isatools.org
Read the help / books / articles!
-------------------------------------------------------
-----Original Message-----
From: Steve Moffat [mailto:steve@xxxxxxxxxx]
Sent: Monday, December 19, 2005 10:02
To: [ISAserver.org Discussion List]
Subject: [isalist] ISA Server detected routes
http://www.ISAserver.org
I'm b###ered if I can get rid of this annoying message.
Isa 2004, the internal range is 192.168.1.0/24
The perimiter range is 10.30.30.0/24
The wan IP is 192.168.0.1
Any pointers?
ISA Server detected routes through adapter Wide Area Connection that do
not correlate with the network element to which this adapter belongs.
For best practice, the address range of an ISA Server network should
match the address ranges routable through the associated network adapter
as defined in the routing table. Otherwise valid packets may be dropped
as spoofed. (This alert may occur momentarily when you create a remote
site network. You may safely ignore this message if it does not
reoccur.) The address ranges in conflict are:
10.255.255.255-10.255.255.255;.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
All mail to and from this domain is GFI-scanned.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
isalist@xxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=isalist
Report abuse to listadmin@xxxxxxxxxxxxx
Other related posts:
