
Welcome to ISAserver.org


Packets Rejected from one NIC to another?

Packets Rejected from one NIC to another? - 29.Jul.2008 12:28:40 PM   
jack_dorsey

 

Posts: 11
Joined: 13.Nov.2006
Status: offline
The message I'm receiving is this:

"A packet generated on the host was rejected because its source IP address is assigned to one network adapter and its destination IP address is reachable through another network adapter"

It's totally throwing me.  Isn't the very reason we use ROUTING to prevent messages like these?

I've checked the Routing and Remote Access tables and everything is set up the way it should be.  I simply do not understand what ISA's (or my own) problem is.

Does anyone have any ideas where to look for the reason that this could be happening?  I severely appreciate any assistance.

Best Regards, Jack
Post #: 1
RE: Packets Rejected from one NIC to another? - 29.Jul.2008 1:18:21 PM   
Rotorblade

 

Posts: 1348
Joined: 27.Feb.2007
Status: offline
Jack,

As the error indicates, your NICs are connected and reachable to the same network that are defined in ISA. A NIC can only belong to one network or any network that is reachable from the network interface. Not two. You have something amiss with your NIC(s) and ISA network setup. Can you post your NIC and ISA network configurations?

RB


_____________________________

David Melvin
Ohio
MCSE: Security 2003, MCSA:Security 2003

(in reply to jack_dorsey)
Post #: 2
RE: Packets Rejected from one NIC to another? - 30.Jul.2008 6:45:38 PM   
jack_dorsey

 

Posts: 11
Joined: 13.Nov.2006
Status: offline
Hi David,

First off thank you for replying.  Since this is currently a testing environment I have no issues with handing out the NIC/routing specifics.

We are attempting to perform a Site-to-Site L2TP VPN between two ISA 2004 Servers running SBS 2K3 Premium.  I have completed this experiment using two local servers and a switch, both with dual NICs.  Now I am trying to perform this test over the Internet between existing test servers.  Both servers have firewall appliances in front of them that are currently configured to allow passthrough for L2TP VPN connections and are not "reporting" or logging any blockage between the servers.

Server1 (main site):

NIC1 (internal NIC):
IP:  192.168.2.183
SM:  255.255.255.0
GW:  None (per ISA security model)

NIC2 (Internet access NIC):
IP:  10.0.2.1
SM:  255.255.255.0
GW:  10.0.2.2 (firewall appliance)

Server2 (branch site):

NIC1 (internal NIC):
IP:  192.168.0.183
SM:  255.255.255.0
GW:  None (per ISA security model)

NIC2 (Internet access NIC):
IP:  10.0.0.1
SM:  255.255.255.0
GW:  10.0.0.2 (firewall appliance)

The ISA information on both servers is configured to "route" (as opposed to NAT) the information passing between the L2TP tunnel (named Site-to-Site) and the outward-facing IPs for each server are used in the individual rules.  The internal IP ranges for each server are also included in all rules (allowing everything at this point just to get it to work, then I'll customize communications later).

ISA isn't denying any traffic (except for NetBIOS denials regarding the message I initially posted, which I believe is causing the lack of connection) and if I attempt to create a UNC-based connection (\\remoteserverIP\sharename, such as C$) I can see IKE 500 and L2TP-based port traffic hitting the remote server if I monitor communications on ISA. 

I simply cannot figure out why I'm receiving that message as I have my routes set up properly (as far as I can tell).

There is no need to use a "route add [remoteserverIPrange] [localserverNICGW] /p" from a command line, is there?  I ask because I'm not sure and I've tried to specify that before and it doesn't change anything.

Thanks again.

Jack Dorsey

(in reply to Rotorblade)
Post #: 3
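
An added example, not written by either poster and not ISA Server's own logic: it rebuilds a simplified route table from the Server1 NIC settings posted above and tests the condition that the logged message describes (source address assigned to one adapter, destination reachable through another). It assumes only on-link and default-gateway routes exist (no VPN interface, persistent routes or metrics), and the adapter labels are made up for the example.

```python
import ipaddress

# NIC settings as posted for Server1 in this thread; the adapter labels are
# invented for this example.
SERVER1 = [
    {"name": "NIC1-internal", "ip": "192.168.2.183", "mask": "255.255.255.0", "gw": None},
    {"name": "NIC2-external", "ip": "10.0.2.1", "mask": "255.255.255.0", "gw": "10.0.2.2"},
]

def build_routes(nics):
    """Return (network, adapter) pairs: one on-link route per NIC, plus a
    default route for each NIC that has a gateway configured."""
    routes = []
    for nic in nics:
        iface = ipaddress.ip_interface(f"{nic['ip']}/{nic['mask']}")
        routes.append((iface.network, nic["name"]))
        if nic["gw"]:
            routes.append((ipaddress.ip_network("0.0.0.0/0"), nic["name"]))
    return routes

def owner_of(nics, addr):
    """Adapter that has addr assigned to it, or None."""
    return next((n["name"] for n in nics if n["ip"] == addr), None)

def egress_for(routes, dst):
    """Longest-prefix match: adapter through which dst is reachable, or None."""
    dst = ipaddress.ip_address(dst)
    hits = [(net.prefixlen, name) for net, name in routes if dst in net]
    return max(hits)[1] if hits else None

def adapter_mismatch(nics, src, dst):
    """Return (mismatch, source_adapter, egress_adapter). mismatch is True when
    src is assigned to one adapter and dst is reachable through another."""
    src_nic = owner_of(nics, src)
    out_nic = egress_for(build_routes(nics), dst)
    mismatch = None not in (src_nic, out_nic) and src_nic != out_nic
    return mismatch, src_nic, out_nic

if __name__ == "__main__":
    # Destinations: the branch server's internal IP from the post, and a
    # constructed address on Server1's own internal subnet.
    for dst in ("192.168.0.183", "192.168.2.50"):
        print(dst, adapter_mismatch(SERVER1, "192.168.2.183", dst))
```

With only these routes, a host-generated packet sourced from 192.168.2.183 and addressed to the branch's 192.168.0.183 leaves via the external adapter's default gateway, which matches the wording of the logged message; comparing this against the live `route print` output shows whether the VPN interface has added a more specific route.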
