• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

ISA 2006 Configuration issue: Address Ranges

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 General] >> General >> ISA 2006 Configuration issue: Address Ranges Page: [1]
Login
Message << Older Topic   Newer Topic >>
ISA 2006 Configuration issue: Address Ranges - 25.Jul.2013 5:44:10 AM   
ymtisa

 

Posts: 1
Joined: 25.Jul.2013
Status: offline
ISA 2006 Alerts report the following:-

The routing table for the network adapter Castle Network includes IP address ranges that are not defined in the array-level network Internal, to which it is bound. As a result, packets arriving at this network adapter from the IP address ranges listed below or sent to these IP address ranges via this network adapter will be dropped as spoofed. To resolve this issue, add the missing IP address ranges to the array network.
The following IP address ranges will be dropped as spoofed:
External:192.168.1.255-192.168.1.255,192.168.15.255-192.168.15.255

Should the .255 addresses be included in the configuration? I can't be certain, but when I did try adding them we started to have routing issues between the local subnet (.200) and a remote subnet (.1).

Any advice would be much appreciated.

Symon
Post #: 1
RE: ISA 2006 Configuration issue: Address Ranges - 11.Oct.2013 8:58:39 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline 		Address Ranges are always the whole range, which includes the ID and Broadcast Address.

External Ranges are never defined,...do not define them. An External Range is automatically any range that is not already defined on the Internal or one of the "Other" networks.

The Routing Table in Windows has to agree with the Network Definitions/Ranges or ISA will have fits. So if you have an address range of 172.16.5.0--172.16.5.255 then the Windows Routing Table must have a Table Entry for 172.16.5.0 255.255.255.0. It must have that even if the ISA is not acting as a Router (which is should not be anyway).

In the end it isn't about routing or traffic flow within or through the ISA,..it is about ISA having a proper "view" or proper "understanding" of the company's topology in order to properly interpret the validity of traffic, such as spoofed -vs- not spoofed

_____________________________

Phillip Windell

(in reply to ymtisa)
Post #: 2

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 General] >> General >> ISA 2006 Configuration issue: Address Ranges Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts