Welcome to ISAserver.org
RE: Discussion about article on Network within Network config
RE: Discussion about article on Network within Network ... - 8.Sep.2004 7:01:00 PM
AbqBill
Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
OK Clint/Tom,
I have some more detail on my problem.
I disabled the Outside interface on the server, uninstalled ISA Server 2004, and rebooted the server.
When it came back up, I re-enabled RRAS and added static routes for my internal network IDs in the RRAS interface. The Inside interface address is currently 192.168.15.17, and its route table looks like this:
code:
      127.0.0.0        255.0.0.0      127.0.0.1      127.0.0.1   1
   192.168.14.0    255.255.255.0   192.168.15.1  192.168.15.17   1
   192.168.15.0    255.255.255.0  192.168.15.17  192.168.15.17  30
  192.168.15.17  255.255.255.255      127.0.0.1      127.0.0.1  30
 192.168.15.255  255.255.255.255  192.168.15.17  192.168.15.17  30
   192.168.16.0    255.255.255.0   192.168.15.1  192.168.15.17   1
   192.168.17.0    255.255.255.0   192.168.15.1  192.168.15.17   1
   192.168.18.0    255.255.255.0   192.168.15.1  192.168.15.17   1
   192.168.19.0    255.255.255.0   192.168.15.1  192.168.15.17   1
   192.168.20.0    255.255.255.0   192.168.15.1  192.168.15.17   1
      224.0.0.0        240.0.0.0  192.168.15.17  192.168.15.17  30
255.255.255.255  255.255.255.255  192.168.15.17  192.168.15.17   1
I reinstalled ISA Server 2004, and when it asked for the Internal network addresses, I chose the "Add Adapter" option and selected my Inside interface. As a result, ISA Server added the following address range (correctly) to the Internal Network object:
192.168.14.0-192.168.20.255
At this point, I have not re-enabled the Outside interface yet.
I still get the following entry in the event log:
quote: ISA Server detected routes through adapter "Inside" that do not correlate with the network element to which this adapter belongs. The address ranges in conflict are: 192.168.14.0-192.168.14.255;192.168.16.0-192.168.20.255;. Fix the network element and/or the routing table to make these ranges consistent; they should be in both or in neither.
I am confused, because the routing table is correct, and so is the Internal Network object's IP address range.
Any ideas?
Thanks!
Bill [ September 08, 2004, 07:19 PM: Message edited by: Bill Stewart ]
RE: Discussion about article on Network within Network ... - 8.Sep.2004 9:02:00 PM
AbqBill
Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
A-ha! I have really solved it this time.
I believe the problem is the dependency between the Firewall and the Routing and Remote Access (RRAS) services.
Configuring static routing in the RRAS console is not the same as adding persistent routes at the command prompt (route -p add). This is evident by using the route print command, which reports "Persistent routes: None."
I added my internal network IDs to the routing table using route -p add at the command prompt rather than by using the RRAS console, and the problem is now solved. This is probably a bug in ISA Server 2004.
Clint/Tom, you might want to mention this in the article.
Thanks!
Bill
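The rule in the event log message quoted in the first post (ranges must be in both the routing table and the network element, or in neither) can be modelled as a symmetric difference of address ranges. The following is an added example, not code from any poster and not ISA Server's own logic; the `sources` filter and the `rras`/`connected` labels are assumptions used to model routes added in the RRAS console not being counted, and the sample data is constructed from the first post's route table.

```python
import ipaddress

# Constructed from the first post's route table: subnet routes via the Inside
# adapter. "rras" = static route added in the RRAS console, "connected" = on-link.
ROUTES = [("192.168.15.0", "255.255.255.0", "connected")] + [
    (f"192.168.{n}.0", "255.255.255.0", "rras") for n in (14, 16, 17, 18, 19, 20)
]
INTERNAL = [("192.168.14.0", "192.168.20.255")]  # Internal Network object range

def merge(ranges):
    """Sort integer (lo, hi) ranges and join overlapping or adjacent ones."""
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def subtract(a, b):
    """Parts of merged ranges a that no range in merged b covers."""
    out = []
    for lo, hi in a:
        cur = lo
        for blo, bhi in b:
            if bhi < cur or blo > hi:
                continue
            if blo > cur:
                out.append((cur, blo - 1))
            cur = bhi + 1
        if cur <= hi:
            out.append((cur, hi))
    return out

def conflicts(routes, element, sources=("connected", "rras")):
    """Ranges that are in the routes or in the network element, but not both."""
    nets = [ipaddress.ip_network(f"{d}/{m}") for d, m, s in routes if s in sources]
    routed = merge((int(n.network_address), int(n.broadcast_address)) for n in nets)
    elem = merge((int(ipaddress.ip_address(a)), int(ipaddress.ip_address(b)))
                 for a, b in element)
    diff = merge(subtract(routed, elem) + subtract(elem, routed))
    return [f"{ipaddress.ip_address(lo)}-{ipaddress.ip_address(hi)}" for lo, hi in diff]

if __name__ == "__main__":
    print(conflicts(ROUTES, INTERNAL))                          # every route counted
    print(conflicts(ROUTES, INTERNAL, sources=("connected",)))  # RRAS routes not seen
```

With every route counted the result is empty; with only the connected subnet counted, the result is the same two ranges the event log entry lists.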
RE: Discussion about article on Network within Network ... - 8.Sep.2004 11:23:00 PM
ClintD
Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
Very interesting...
In my tests, I made the route additions with the "route" command and RRAS. I don't recall seeing this error when configuring the routes through RRAS, but I didn't test that as much as I did with the route command.
Let me do a little digging and see what's what. Thanks a lot for "winging" through this with us. [ September 08, 2004, 11:23 PM: Message edited by: ClintD ]
RE: Discussion about article on Network within Network ... - 8.Sep.2004 11:55:00 PM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Bill,
I'm with Clint. Great detective work here! I'll see if I can repro this too.
Thanks! Tom
RE: Discussion about article on Network within Network ... - 9.Sep.2004 12:39:00 AM
AbqBill
Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
Hi Clint and Tom,
No problem! Thanks!
Bill
RE: Discussion about article on Network within Network ... - 9.Sep.2004 3:55:00 AM
Fire
Posts: 265
Joined: 19.Mar.2001
From: Ontario, Canada
Status: offline
quote: Originally posted by Bill Stewart: Hi Clint and Tom,
No problem! Thanks!
Bill
Hi Bill
Have you tried it on the subnet, using VNC or another service like Oracle or SQL, to see whether the service is OK?
RE: Discussion about article on Network within Network ... - 9.Sep.2004 6:38:00 AM
tshinder
Posts: 47490
Joined: 10.Jan.2001
From: Texas
Status: offline
Hey guys,
I included in the "Internal" network address ranges:
10.0.0.0-10.0.0.255
10.0.1.0-10.0.1.255
10.0.2.0-10.0.2.255
10.0.3.0-10.0.3.255
10.255.255.255-10.255.255.255
The first and last entries were part of the Internal network that I defined during installation.
I added the 10.0.1.0 and 10.0.2.0 networks using route add. I added 10.0.3.0 network using the RRAS console. I saw errors in the ISA management console. I reset those errors and restarted.
The errors did not return.
HTH, Tom
RE: Discussion about article on Network within Network ... - 9.Sep.2004 2:29:00 PM
Fire
Posts: 265
Joined: 19.Mar.2001
From: Ontario, Canada
Status: offline
Hi Tom
I just cleared the event log to see when the event will show up.
Thanks.
BTW, I install the printer on the isa server. Why do you so...?
Security problem?
Fire [ September 09, 2004, 02:29 PM: Message edited by: Fire ]
RE: Discussion about article on Network within Network ... - 9.Sep.2004 3:02:00 PM
Fire
Posts: 265
Joined: 19.Mar.2001
From: Ontario, Canada
Status: offline
BTW, Tom, do you have to use "route -p add" on all the client PCs?
RE: Discussion about article on Network within Network ... - 9.Sep.2004 4:40:00 PM
AbqBill
Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
Hi Tom,
I was not able to get rid of the errors unless I used route -p add. In any case, my ISA 2004 is happy now!
Thanks!
Bill
RE: Discussion about article on Network within Network ... - 9.Sep.2004 8:53:00 PM
Fire
Posts: 265
Joined: 19.Mar.2001
From: Ontario, Canada
Status: offline
quote: Originally posted by Bill Stewart: Hi Tom,
I was not able to get rid of the errors unless I used route -p add. In any case, my ISA 2004 is happy now!
Thanks!
Bill
Hi Bill
Do you have to use "route -p add" on all the other client PCs?
RE: Discussion about article on Network within Network ... - 9.Sep.2004 9:41:00 PM
AbqBill
Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
Fire wrote: quote: Do you have to use "route -p add" on all other client pc?
Hi,
Why would you want to do that?
Bill
RE: Discussion about article on Network within Network ... - 9.Sep.2004 10:54:00 PM
Fire
Posts: 265
Joined: 19.Mar.2001
From: Ontario, Canada
Status: offline
quote: Originally posted by Bill Stewart: Fire wrote: quote: Do you have to use "route -p add" on all other client pc?
Hi,
Why would you want to do that?
Bill
I am not sure. I have to do this because the PCs in the subnet can't VNC to some PCs in the main network unless I use "route -p add" to add the route info on the PC in the main network.
They can still ping each other, but RDP, VNC, and even the database service do not work.
Fire
RE: Discussion about article on Network within Network ... - 9.Sep.2004 10:59:00 PM
bizzie247
Posts: 1
Joined: 9.Sep.2004
From: Cleveland
Status: offline
Hello, I am as new as they get when it comes to ISA and I am using ISA 2004.
My first (and foremost) question is when can I expect the book (ISA Server 2004)? I tried to preorder but it wouldn't allow me to.
My current issue deals with Network behind a Network. I receive the error message regarding the routing table as discussed and I have read the suggestion to resolve it. I understand it as well as the concept, but I am not versed enough in ISA (this is my first) to make the changes in it without fear of blowing something up. Is there a simple 'how to' site for us until the book comes out?
For now: My ISA server (enternal) is 192.168.1.203 no gateway My ISA points to Domain server 192.168.1.202 for DNS. All users get in and out with no problem, it's just the VPN that gives me the trouble and the error about the LAT.
RE: Discussion about article on Network within Network ... - 10.Sep.2004 4:16:00 AM
Fire
Posts: 265
Joined: 19.Mar.2001
From: Ontario, Canada
Status: offline
So far, there is no error in the event log.
But I still have the question: does the route add command have to be run on the client PCs?
Can anyone confirm?
RE: Discussion about article on Network within Network ... - 10.Sep.2004 2:45:00 PM
jeff.field
Posts: 12
Joined: 21.Jul.2004
From: New Jersey
Status: offline
Hello, I am having similar problems. I don't have RRAS configured right now - do I need it to add persistent routes from the command line?
Here is my routing table, 10.190.0.228 is the internal IP, 209.66.19.18 is the external, they are on separate NICs. Here is my route print output:
code:
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2000003 ...00 06 5b ec d3 c3 ...... Intel(R) PRO/1000 XT Network Connection
0x3000004 ...00 06 5b ec d3 c2 ...... Intel(R) PRO/1000 XT Network Connection
===========================================================================
===========================================================================
Active Routes:
Network Destination          Netmask        Gateway      Interface  Metric
            0.0.0.0          0.0.0.0     10.190.0.1   10.190.0.228       1
            0.0.0.0          0.0.0.0   209.66.19.17   209.66.19.18       1
         10.190.0.0    255.255.255.0   10.190.0.228   10.190.0.228       1
       10.190.0.223  255.255.255.255      127.0.0.1      127.0.0.1       1
       10.190.0.228  255.255.255.255      127.0.0.1      127.0.0.1       1
     10.255.255.255  255.255.255.255   10.190.0.228   10.190.0.228       1
          127.0.0.0        255.0.0.0      127.0.0.1      127.0.0.1       1
       209.66.19.16  255.255.255.240   209.66.19.18   209.66.19.18       1
       209.66.19.18  255.255.255.255      127.0.0.1      127.0.0.1       1
       209.66.19.20  255.255.255.255      127.0.0.1      127.0.0.1       1
       209.66.19.22  255.255.255.255      127.0.0.1      127.0.0.1       1
      209.66.19.255  255.255.255.255   209.66.19.18   209.66.19.18       1
          224.0.0.0        224.0.0.0   10.190.0.228   10.190.0.228       1
          224.0.0.0        224.0.0.0   209.66.19.18   209.66.19.18       1
    255.255.255.255  255.255.255.255   209.66.19.18   209.66.19.18       1
Default Gateway: 209.66.19.17
===========================================================================
Persistent Routes:
I am assuming I need to make it so that the only routes that point to the internal interface are the routes for 10.190.0.0 and 10.191.0.0, our two internal subnets. Is this correct? Would I remove the other routes and then readd with something like this?
code:
route -p add 10.190.0.0 MASK 255.255.255.0 10.190.0.228 METRIC 1 IF 3
When it comes to routing within Windows I'm not quite as up to speed as I'd like to be, please let me know if I've made any incorrect assumptions.
Thanks, -Jeff
RE: Discussion about article on Network within Network ... - 10.Sep.2004 5:20:00 PM
AbqBill
Posts: 478
Joined: 3.Jun.2003
From: Albuquerque NM USA
Status: offline
Hi Tom,
Have you tried this?
1. Uninstall ISA Server 2004 and reboot.
2. After reboot, re-enable RRAS and add the static routes for the internal interface in the RRAS console.
3. Reinstall ISA Server 2004. When it asks for the Internal network IDs, choose the Add Adapter button and choose the internal interface. Note that it "sees" your internal network IDs based on the static routes that were added from the RRAS console. Go to a command prompt and run route print. Notice that it says "Static routes: None."
My procedure was a bit different than yours, as I didn't do part of the routes in RRAS and part using route add. I did them all in RRAS. This should reproduce the error. Or, at least it did every time I tried it.
HTH,
Bill [ September 11, 2004, 11:06 PM: Message edited by: Bill Stewart ]
RE: Discussion about article on Network within Network ... - 10.Sep.2004 5:27:00 PM
ClintD
Posts: 1833
Joined: 26.Jan.2001
From: Keller, TX
Status: offline
Jeff - you need to remove the default gateway on your internal NIC - this is most likely the cause for your error - you didn't post the details of the error so I don't know what subnets are in conflict.