[isapros] Re: ISA Server 2004 may stop responding when IP addresses from multiple subnets are bound to the same adaptor

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: <isapros@xxxxxxxxxxxxx>
  • Date: Thu, 20 Jul 2006 12:50:04 -0500

They should know by now that this isn't a good assumption. ;)

Thomas W Shinder, M.D.
Site: www.isaserver.org
Blog: http://blogs.isaserver.org/shinder/
Book: http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Thursday, July 20, 2006 12:35 PM
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA Server 2004 may stop responding 
> when IP addresses from multiple subnets are bound to the same adaptor
> 
> I don't see where you get that.
> The statement is "configure an adaptor that has two IP 
> addresses from two different subnets".
> It says nothing about them being remote subnets.
> I think they assumed that anyone silly enough to assign IPs 
> from remote subnets wasn't qualified to build out a server in 
> the first place...
> 
> -------------------------------------------------------
>    Jim Harrison
>    MCP(NT4, W2K), A+, Network+, PCG
>    http://isaserver.org/Jim_Harrison/
>    http://isatools.org
>    Read the help / books / articles!
> -------------------------------------------------------
>  
> 
> -----Original Message-----
> From: isapros-bounce@xxxxxxxxxxxxx 
> [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> Sent: Thursday, July 20, 2006 10:24
> To: isapros@xxxxxxxxxxxxx
> Subject: [isapros] Re: ISA Server 2004 may stop responding 
> when IP addresses from multiple subnets are bound to the same adaptor
> 
> The KB implies that these are network IDs that are different 
> from the local interface's network ID. That's the problem with the KB.
> 
> For example, scenario 1:
> 
> NetID 1: 10.0.1.0/24
> NetID 2: 10.0.2.0/24
> 
> ISA interface on Network ID:
> NetID 3: 10.0.3.0/16
> 
> In this scenario, the remote networks are on the same network 
> ID as the local ISA firewall's interface. Of course, the 
> remote networks see the ISA firewall's local interface as 
> being on a different network ID, so a router must be interposed.
> 
> For example, scenario 2:
> 
> NetID 1: 172.16.1.0/24
> NetID 2: 192.168.1.0/24
> 
> ISA interface on network ID:
> NetID 3: 10.0.3.0/24
> 
> In this scenario, would you consider it valid to bind IP address
> 192.168.1.1 to the ISA firewall interface on network ID 10.0.3.0?
> 
> Scenario 2 is what the KB article implies.
> 
> That's why they need to think about giving hard core examples 
> in these articles, otherwise they just contributed to the FUD.
> 
> Thomas W Shinder, M.D.
> Site: www.isaserver.org
> Blog: http://blogs.isaserver.org/shinder/
> Book: http://tinyurl.com/3xqb7
> MVP -- ISA Firewalls
> 
>  
> 
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx
> > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> > Sent: Thursday, July 20, 2006 11:35 AM
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] Re: ISA Server 2004 may stop responding when IP 
> > addresses from multiple subnets are bound to the same adaptor
> > 
> > ??
> > Of course you can. 
> > So long as all those NetIds are segment-local, you can have as many as
> > you want.
> > 
> > -------------------------------------------------------
> >    Jim Harrison
> >    MCP(NT4, W2K), A+, Network+, PCG
> >    http://isaserver.org/Jim_Harrison/
> >    http://isatools.org
> >    Read the help / books / articles!
> > -------------------------------------------------------
> >  
> > 
> > -----Original Message-----
> > From: isapros-bounce@xxxxxxxxxxxxx
> > [mailto:isapros-bounce@xxxxxxxxxxxxx] On Behalf Of Thomas W Shinder
> > Sent: Thursday, July 20, 2006 09:28
> > To: isapros@xxxxxxxxxxxxx
> > Subject: [isapros] ISA Server 2004 may stop responding when IP 
> > addresses from multiple subnets are bound to the same adaptor
> > 
> > And what's up with this? This isn't even a supported scenario? When do
> > you bind IP addresses from different network IDs to the same
> > interface?
> > 
> > ISA Server 2004 may stop responding when IP addresses from multiple 
> > subnets are bound to the same adaptor:
> > http://support.microsoft.com/kb/898553/en-us