• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA on Layer 3 switch, tons of ICMP redirects..

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 General ] >> General >> ISA on Layer 3 switch, tons of ICMP redirects.. Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA on Layer 3 switch, tons of ICMP redirects.. - 29.Jan.2006 8:16:28 PM   
DBornack

 

Posts: 67
Joined: 8.Jan.2004
From: Chicago, IL
Status: offline
I have ISA 2004 in an Aotu-Detect environment with about 2000 users. 

Everything is working fine, I'm not having any problems, but I noticed that there alot of denied connections in the ISA Monitoring log with a origin IP of my Layer 3 core switch, and detination IP of my ISA server.

Upon an ethereal capture, I found that there are a TON of ICMP redirect packets, several hundred a second to each client PC that is connecting to ISA..

Any ideas?

Here is an example.. :


No. Time Source Destination Protocol Info
7002 20.488300 10.10.1.1 10.10.1.19 ICMP Redirect (Redirect for host)
Frame 7002 (70 bytes on wire, 70 bytes captured)
Arrival Time: Jan 29, 2006 12:57:02.560768000
Time delta from previous packet: 0.000386000 seconds
Time since reference or first frame: 20.488300000 seconds
Frame Number: 7002
Packet Length: 70 bytes
Capture Length: 70 bytes
Protocols in frame: eth:ip:icmp:ip:tcp
Ethernet II, Src: 10.10.1.1 (00:0e:7f:03:23:00), Dst: 10.10.1.19 (00:14:22:15:cc:bd)
Destination: 10.10.1.19 (00:14:22:15:cc:bd)
Source: 10.10.1.1 (00:0e:7f:03:23:00)
Type: IP (0x0800)
Internet Protocol, Src: 10.10.1.1 (10.10.1.1), Dst: 10.10.1.19 (10.10.1.19)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 56
Identification: 0x5f1a (24346)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: ICMP (0x01)
Header checksum: 0x0584 [correct]
Source: 10.10.1.1 (10.10.1.1)
Destination: 10.10.1.19 (10.10.1.19)
Internet Control Message Protocol
Type: 5 (Redirect)
Code: 1 (Redirect for host)
Checksum: 0x8262 [correct]
Gateway address: 10.10.0.254 (10.10.0.254)
Internet Protocol, Src: 10.10.1.19 (10.10.1.19), Dst: 10.10.135.114 (10.10.135.114)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 596
Identification: 0x6e2a (28202)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0x2df5 [incorrect, should be 0x2de1]
Source: 10.10.1.19 (10.10.1.19)
Destination: 10.10.135.114 (10.10.135.114)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1422 (1422)
Source port: http (80)
Destination port: 1422 (1422)

Post #: 1
RE: ISA on Layer 3 switch, tons of ICMP redirects.. - 19.Feb.2008 8:00:58 PM   
ggovier

 

Posts: 1
Joined: 19.Feb.2008
Status: offline
I know this is an old post, but hey, the post caught my interest…
10.10.1.1 is telling 10.10.1.19 that instead of using 10.10.1.1 as the gateway to reach 10.10.135.114, it should be using 10.10.0.254.
There could be several reasons, 10.10.1.1 could have it’s default gateway wrong.
The workstation and router could have mismatched subnet masks.
A redirect is usually only a good thing if you have two routers on the subnet as valid exit points, and they are exchanging routing info (or they have static routes pointing from one to the other for some subnets).
The workstations default gateway should be to the router (if you have more than 1) which most of your packets will need to use.

make sense?

(in reply to DBornack)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 General ] >> General >> ISA on Layer 3 switch, tons of ICMP redirects.. Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts