Welcome to ISAserver.org

intra-array problem ??? please help

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA 2006 General] >> General >> intra-array problem ??? please help

Page: [1]

Message

<< Older Topic Newer Topic >>

intra-array problem ??? please help - 23.Mar.2007 6:14:21 AM

bbmak

Posts: 25
Joined: 17.Mar.2007
Status: offline

I have the following error in my alert?
why is happen? how can I fix it?

Using Static IP address:
Internal - 192.168.0.3
External - 192.168.0.2

===========================================
The IP address specified for communication between this ISA Server computer (0.0.0.0) and other array members is not bound to a network adapter installed on this computer. The IP address specified for intra-array communication must be bound to a network adapter installed on the computer.

The routing table for the network adapter Local Area Connection 2 includes IP address ranges that are not defined in the array-level network External, to which it is bound. As a result, packets arriving at this network adapter from the IP address ranges listed below or sent to these IP address ranges via this network adapter will be dropped as spoofed. To resolve this issue, add the missing IP address ranges to the array network.
The following IP address ranges will be dropped as spoofed:
Internal:192.168.0.0-192.168.0.101,192.168.0.104-192.168.0.254;
=============================================

Post #: 1

Featured Links*

RE: intra-array problem ??? please help - 23.Mar.2007 7:32:21 AM

Pitre

Posts: 4
Joined: 16.Mar.2007
From: GOA - INDIA
Status: offline

hi,
not clear with your problem....
if you have more then 1 members in an array then you must have third dedicated NIC only for Intra_array communication installed on array members & its IP should be deff. from your INT / EXT IPs.

secondly you have INT / EXT IPs in the same subnet this could cause problems .
go with something like this
Ext == 192.168.0.2
INT == 192.125.125.2/24
INTRA-Array == 222.222.222.1/24

get back

(in reply to bbmak)

Post #: 2

RE: intra-array problem ??? please help - 23.Mar.2007 1:25:41 PM

tshinder

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline

Agree. Nothing is going to work until the internal and external interfaces are no different network IDs.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to Pitre)

Post #: 3

RE: intra-array problem ??? please help - 23.Mar.2007 6:48:32 PM

bbmak

Posts: 25
Joined: 17.Mar.2007
Status: offline

I have changed to following IPs

Internal-192.125.125.20
External-192.168.0.102

After I change the IP, the alert gone, but my clients cannot use web proxy.
I got a 502 Proxy Error
I have change the clients ip to following

IP-192.125.125.21-255
no gatway

< Message edited by bbmak -- 23.Mar.2007 8:37:06 PM >

(in reply to Pitre)

Post #: 4

RE: intra-array problem ??? please help - 23.Mar.2007 9:26:40 PM

bbmak

Posts: 25
Joined: 17.Mar.2007
Status: offline

Update:
I am able to access the internet after I created this access rule:
protocols: http, ftp, https
source: Anywhere
destination: External & Internal

Isnt that the way to enable web proxy clients internet access?

additional question
isnt i should leave the isa server alone, without installing any additional service to the server?

I know i shouldnt do this because of the security reason. However, I want to know are there anyway to make a network share folder that only allow my domain server to copy file to the isa server?

< Message edited by bbmak -- 24.Mar.2007 3:11:45 AM >

(in reply to bbmak)

Post #: 5

RE: intra-array problem ??? please help - 26.Mar.2007 10:30:47 AM

tshinder

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline

Remove that access rule ASAP and crater the box. There's a good chance that an intruder took advantage of the "Anywhere" rule.

Make sure you understand how the Firewall works before you plug it into the production network.

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to bbmak)

Post #: 6