• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Changed to multi-homed configuration to include DMZ networks

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA Server 2004 Firewall] >> DMZ >> Changed to multi-homed configuration to include DMZ networks Page: [1]
Login
Message << Older Topic   Newer Topic >>
Changed to multi-homed configuration to include DMZ net... - 28.Feb.2006 5:57:40 PM   
PCC

 

Posts: 199
Joined: 13.Nov.2001
From: Michigan
Status: offline
I recently changed my edge firewall setup to a multi-homed setup to include a Anonymous DMZ network, NIC IP address is 172.16.0.1, and a Anonymous WAP network, NIC IP address is 10.0.0.1.  Ever sense this change I have been getting two errors when the firewall service starts up.


ISA Server detected routes through adapter External that do not correlate with the network element to which this adapter belongs. For best practice, the address range of an ISA Server network should match the address ranges routable through the associated network adapter as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network. You may safely ignore this message if it does not reoccur.) The address ranges in conflict are: 172.16.1.0-172.16.255.255;.


And this one

ISA Server detected routes through adapter Anonymous DMZ that do not correlate with the network element to which this adapter belongs. For best practice, the address range of an ISA Server network should match the address ranges routable through the associated network adapter as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network. You may safely ignore this message if it does not reoccur.) The address ranges in conflict are: 172.16.1.0-172.16.255.254;.

I have a NAT network rule for "Internal to Anonymous DMZ". I also have one ftp server and one HTTP server published in the Anonymous DMZ  on the same physical server with IP address 172.16.0.2.

Any ideas why I would be getting these errors?  Do all the NIC's need to be in the server before ISA is installed?  Evernthing seems to be functiong fine other than the errors at ISA server startup.
Thanks.

< Message edited by PCC -- 1.Mar.2006 2:09:21 PM >
Post #: 1
RE: Changed to multi-homed configuration to include DMZ... - 1.Mar.2006 10:47:52 PM   
PCC

 

Posts: 199
Joined: 13.Nov.2001
From: Michigan
Status: offline
I just realized that the address range in conflict is not even  configured anywhere in my network configurations.  My anonymous DMZ network is configured with the range 172.16.0.0-172.16.0.255 NOT 172.16.1.0-172.16.255.255.  I'm a bit baffled as to why it is reporting this.

(in reply to PCC)
Post #: 2
RE: Changed to multi-homed configuration to include DMZ... - 1.Mar.2006 11:04:56 PM   
PCC

 

Posts: 199
Joined: 13.Nov.2001
From: Michigan
Status: offline
Well, I changed my range on the Anonymous DMZ network to 172.16.0.0-172.16.255.255 and the error went away.  But I don't understand why I was getting the error.  If anyone has any ideas please let me know.

Thanks

(in reply to PCC)
Post #: 3
RE: Changed to multi-homed configuration to include DMZ... - 5.Mar.2006 5:58:15 AM   
Zac

 

Posts: 44
Joined: 6.Oct.2005
From: Kuwait
Status: offline
Hi,

You need to read Tom's Book. I too had the similar trouble in one of our branch office. Read Tom's article

ISA Server DMZ Scenarios . If you have his book it will give you an in sight.


Zac.

(in reply to PCC)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA Server 2004 Firewall] >> DMZ >> Changed to multi-homed configuration to include DMZ networks Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts