Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

DMZ Configuration Error

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> DMZ >> DMZ Configuration Error Page: [1]
Login
Message << Older Topic   Newer Topic >>
DMZ Configuration Error - 12.Aug.2006 12:17:45 AM   
steve_r

 

Posts: 1
Joined: 12.Aug.2006
Status: offline 		I have a Cisco PIX as the edge firewall creating a DMZ on a 172.16.2.0 - 172.16.2.255 network. The internal network is on a 10.0.0.0 network. The ISA server has one interface in the DMZ and one on the internal network. It is a member of the internal domain. I added the internal network adapter to the internal network which automatically gave it the address ranges:0.0.0.1 - 126.255.255.255, 128.0.0.0 - 172.16.1.255, 172.16.3.0 - 172.16.255.254, 172.17.0.0-223.255.255.255, 240.0.0.0 - 255.255.255.254. I am using the web publishing rules to publish internal web sites through ISA. Using this configuration I get the following error:

Description: ISA Server detected routes through adapter Local Area Connection 2 that do not correlate with the network element to which this adapter belongs. For best practice, the address range of an ISA Server network should match the address ranges routable through the associated network adapter as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network. You may safely ignore this message if it does not reoccur.)  The address ranges in conflict are: 0.0.0.1-10.110.1.255;10.110.3.0-10.255.255.254;11.0.0.0-126.255.255.255;128.0.0.0-172.16.1.255;172.16.3.0-172.16.255.254;172.17.0.0-223.255.255.255;240.0.0.0-255.255.255.254;.

This is the windows routing table:
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
        0.0.0.0          0.0.0.0       10.110.2.1     10.110.2.124     20
        0.0.0.0          0.0.0.0       172.16.2.2      172.16.2.13     20
     10.110.2.0    255.255.255.0     10.110.2.124     10.110.2.124     20
   10.110.2.124  255.255.255.255        127.0.0.1        127.0.0.1     20
10.255.255.255  255.255.255.255     10.110.2.124     10.110.2.124     20
      127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
     172.16.2.0    255.255.255.0      172.16.2.13      172.16.2.13     20
    172.16.2.13  255.255.255.255        127.0.0.1        127.0.0.1     20
    172.16.2.20  255.255.255.255        127.0.0.1        127.0.0.1     20
    172.16.2.21  255.255.255.255        127.0.0.1        127.0.0.1     20
    172.16.2.22  255.255.255.255        127.0.0.1        127.0.0.1     20
172.16.255.255  255.255.255.255      172.16.2.13      172.16.2.13     20
      224.0.0.0        240.0.0.0     10.110.2.124     10.110.2.124     20
      224.0.0.0        240.0.0.0      172.16.2.13      172.16.2.13     20
255.255.255.255  255.255.255.255     10.110.2.124     10.110.2.124      1
255.255.255.255  255.255.255.255      172.16.2.13      172.16.2.13      1
Default Gateway:        10.110.2.1
===========================================================================
Persistent Routes:
None

When trying to access the sites I get IP spoofing errors and nothing works.

If I add all private addresses to the internal network everything works fine. This of course is making no distinction between the networks and both interfaces are regarded as internal.

Please help...

< Message edited by steve_r -- 14.Aug.2006 10:42:15 PM >
Post #: 1
RE: DMZ Configuration Error - 18.Aug.2006 1:25:07 PM   
mdbradsh

 

Posts: 29
Joined: 22.Jul.2006
From: Indianapolis
Status: offline 		I don't know if this will help, but I had a similar problem when I first set up ISA Server. I think it was due to not properly configuring the adapters/IP addresses prior to installing ISA. You also want to ensure you have good DNS and you do not have an internet connection prior to and during set up/installation. I uninstalled ISA when I had this problem, and carefully went back through and made sure my DNS was good, my adapters and IP addresses were all configured correctly, the adapters in their proper order, and disconnected my internet connection. I then re-installed ISA and it came up fine, with no more problems or IP address errors. Been working super ever since. Maybe give this a try. Hope this helps.  

(in reply to steve_r)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> DMZ >> DMZ Configuration Error Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts