The routing table for the network adapter Castle Network includes IP address ranges that are not defined in the array-level network Internal, to which it is bound. As a result, packets arriving at this network adapter from the IP address ranges listed below or sent to these IP address ranges via this network adapter will be dropped as spoofed. To resolve this issue, add the missing IP address ranges to the array network. The following IP address ranges will be dropped as spoofed: External:192.168.1.255-192.168.1.255,192.168.15.255-192.168.15.255
Should the .255 addresses be included in the configuration? I can't be certain, but when I did try adding them we started to have routing issues between the local subnet (.200) and a remote subnet (.1).
From: Taylorville, IL
Address Ranges are always the whole range, which includes the ID and Broadcast Address.
External Ranges are never defined,...do not define them. An External Range is automatically any range that is not already defined on the Internal or one of the "Other" networks.
The Routing Table in Windows has to agree with the Network Definitions/Ranges or ISA will have fits. So if you have an address range of 172.16.5.0--172.16.5.255 then the Windows Routing Table must have a Table Entry for 172.16.5.0 255.255.255.0. It must have that even if the ISA is not acting as a Router (which is should not be anyway).
In the end it isn't about routing or traffic flow within or through the ISA,..it is about ISA having a proper "view" or proper "understanding" of the company's topology in order to properly interpret the validity of traffic, such as spoofed -vs- not spoofed