Microsoft Fire wall - Error 14147

---

• From: Paul <Paul@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Mon, 6 Nov 2006 02:39:02 -0800

---

Hi

Have been getting errors in the event log of one of our ISA servers since
august, all of a sudden we are now getting the firewall service stopping.

This is the error in the event log :-

ISA Server detected routes through adapter adsl that do not correlate with
the network
element to which this adapter belongs. For best practice, the address range
of an ISA
Server network should match the address ranges routable through the
associated network
adapter as defined in the routing table. Otherwise valid packets may be
dropped as spoofed.
(This alert may occur momentarily when you create a remote site network. You
may safely
ignore this message if it does not reoccur.)
The address ranges in conflict are:
10.0.0.0-10.128.79.255;
10.128.81.0-10.132.79.255;
10.132.81.0-10.132.231.255;
10.132.233.0-10.132.233.255;
10.132.235.0-10.132.235.255;
10.132.239.0-10.132.244.255;
10.132.246.0-10.255.255.254;
11.0.0.0-11.134.99.255;
11.134.101.0-11.255.255.255;
172.16.4.255-172.16.255.254;
172.17.0.0-172.31.255.255;
192.168.2.0-192.168.4.255;

------

I thought it might have something to do with the routing table but i cant
see anything obvious here.. can you ?

Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 172.16.1.254 172.16.1.1 20
10.128.80.0 255.255.255.0 10.132.232.254 10.132.232.3 1
10.132.80.0 255.255.255.0 10.132.232.253 10.132.232.3 1
10.132.232.0 255.255.255.0 10.132.232.3 10.132.232.3 10
10.132.232.3 255.255.255.255 127.0.0.1 127.0.0.1 10
10.132.234.0 255.255.255.0 10.132.232.254 10.132.232.3 1
10.132.236.0 255.255.255.0 10.132.232.254 10.132.232.3 1
10.132.237.0 255.255.255.0 10.132.232.254 10.132.232.3 1
10.132.238.0 255.255.255.0 10.132.232.254 10.132.232.3 1
10.132.245.0 255.255.255.0 10.132.232.254 10.132.232.3 1
10.255.255.255 255.255.255.255 10.132.232.3 10.132.232.3 10
11.134.100.0 255.255.255.0 10.132.232.3 10.132.232.3 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
172.16.1.0 255.255.255.0 172.16.1.1 172.16.1.1 20
172.16.1.1 255.255.255.255 127.0.0.1 127.0.0.1 20
172.16.255.255 255.255.255.255 172.16.1.1 172.16.1.1 20
224.0.0.0 240.0.0.0 10.132.232.3 10.132.232.3 10
224.0.0.0 240.0.0.0 172.16.1.1 172.16.1.1 20
255.255.255.255 255.255.255.255 10.132.232.3 10.132.232.3 1
255.255.255.255 255.255.255.255 172.16.1.1 172.16.1.1 1
Default Gateway: 172.16.1.254
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
10.132.237.0 255.255.255.0 10.132.232.254 1

We have two interfaces setup - 10.132.232.3 LAN and 172.16.1.1 - ADSL
------------

Another wierd error is that in routing and remote access if i try to update
routes on either the ADSL or LAN interface/adapter it says The interface is
unknown.

Also when trying to view the address information on any of the interfaces
setup it says the following

IP Routes - The data is not available error 1717 occurred.
Its the same for every other item under description.

Please help if you can......

.

---

• Prev by Date: Re: Setup inside existing firewall
• Next by Date: Re: Setup inside existing firewall
• Previous by thread: ISA server and smtp mail
• Next by thread: Re: Open Ports ISA 2006
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Redist. OSPF into BGP -- matching and prepending ... St. Customer has its own OSPF network which connects the two. ... All CE routers in our MPLS network run using a private AS (same on all in a region, but we have ASN override configured at the PERs so that one CE can see the routes originated by another) and the core runs a public AS. ... So the idea is, we want the WAN link for 10 Main to be the preferred path for "10" routes and 20 Main to be the preferred route for "20" routes, but if either link goes down we want failover. ... match tag and set both community and local-pref (community is ... (comp.dcom.sys.cisco) Re: Routing problems ... addresses on all machines on our network, ... avoid setting up static routing on every machine on the network (which would ... Here's the routes in our local Sprint router ... (comp.os.linux.networking) Re: [Full-disclosure] Vista Reduced Function mode triggered ... video (which I still am not able to do in any video player except WMP for ... It didn't help the video but I quickly found network ... directly after removing the routes, there wasn't but a few minutes between ... software licensing service since it claims disabling that service will ... (Full-Disclosure) Re: Help requested with RIPv1 lan issues (UK school) ... >> school network. ... The event log on the clients indicate ... > Yet then you go on to discuss RIP, static routes on clients etc. ... > You say you have static routes on the clients to the 192.168.2.x subnet. ... (microsoft.public.windows.server.networking) Re: IPv6 in FC4 - How ... though the configuration defaults to "no", ... Listing routes is something like "ip -6 route ls". ... etc, etc, etc) already understand IPv6 and may (for the servers at ... and restart your network so it gets properly configured. ... (Fedora)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > ISA  > microsoft.public.isa.configuration  > 2006-11