Re: ISA Server doesn't support VLANs?
From: Tristan Kington [MS] (tristank_at_online.microsoft.com)
Date: 03/24/04
- Next message: Tristan Kington [MS]: "Re: ISA Server doesn't support VLANs?"
- Previous message: Tristan Kington [MS]: "Re: non domain users"
- In reply to: Dmitry Mashkov: "Re: ISA Server doesn't support VLANs?"
- Next in thread: Tristan Kington [MS]: "Re: ISA Server doesn't support VLANs?"
- Reply: Tristan Kington [MS]: "Re: ISA Server doesn't support VLANs?"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 24 Mar 2004 13:27:40 +1100
Update for the group, there are a couple of interesting things happening in
the ISAInfo output:
- two default gateways defined on the same IP:
0.0.0.0 0.0.0.0 217.xx.AA.105 217.xx.BB.3 10
0.0.0.0 0.0.0.0 217.xx.BB.1 217.xx.BB.3 10
(the first route in the list there is via a non-local interface).
The ISA Firewall service also appears to be having problems:
3/23/2004 16:41:18 4 0 14027 Microsoft ISA Server Control N/A CERBER2 The
Microsoft ISA Server Control Service started.
3/23/2004 16:41:18 1 0 14017 Microsoft Firewall N/A CERBER2 Incorrect
network configuration. The server address is not internal and is not in the
Local Address Table (LAT).
The ISAInfo does appear to have the server IP in the LAT, but I'm not
convinced the configuration's quite right underneath it all yet.
We know that if VLANs are disabled, this works, and that if one IP is
removed but the 802.1q VLANs are enabled, it works.
Essentially, if the VLANs are working correctly, my understanding is that
ISA shouldn't cause any change in behaviour; the VLAN configuration should
be transparent to ISA.
I'll try a similar configuration here without the VLANs and see what I can
find.
-- This posting is provided "AS IS" with no warranties, and confers no rights. "Dmitry Mashkov" <dm@byte-et.ru> wrote in message news:uVDJrkKEEHA.700@TK2MSFTNGP09.phx.gbl... Yes, they were teamed (for fault tolerance), but this doesn't change a thing. I will send you IPCONFIG from un-teamed configuration (only VLANs). It doesn't work either. As I mentioned earlier, the problem is only the combination of two factors: 1) IPs from different subnets on external interface. 2) VLANs. "Tristan Kington [MS]" <tristank@online.microsoft.com> wrote in message news:O4fvxGGEEHA.580@TK2MSFTNGP11.phx.gbl... > Thank you for the ISAInfo and IPCONFIG. The ISAInfo looks straightforward, > but the IPCONFIG is interesting. > > Ethernet adapter Local Area Connection 12: > > Connection-specific DNS Suffix . : > > Description . . . . . . . . . . . : DMZ:HP Network Team #1 > > Physical Address. . . . . . . . . : 00-0B-xx-xx-xx-xx > > Ethernet adapter Local Area Connection 14: > > Connection-specific DNS Suffix . : > > Description . . . . . . . . . . . : internet:HP Network Team #1 > > Physical Address. . . . . . . . . : 00-0B-xx-xx-xx-xx > > Both NICs appear to have the same MAC address - are they actually teamed at > the moment? If they are, does this configuration work un-teamed? (Or am I > missing the point of the configuration - do they need to be teamed for this > to work?) > > > -- > This posting is provided "AS IS" with no warranties, and confers no rights. > > "Dmitry Mashkov" <dm@byte-et.ru> wrote in message > news:%23627mP$DEHA.684@tk2msftngp13.phx.gbl... > Oops... > > 802.1Q of course. > > "Dmitry Mashkov" <dm@byte-et.ru> wrote in message > news:OZhd6O$DEHA.2932@tk2msftngp13.phx.gbl... > > Tristan, > > > > I will send you configuration files today by email. > > By "tagged VLAN" I mean 802.1p VLANs (not static, port-based VLANs). > > >
- Next message: Tristan Kington [MS]: "Re: ISA Server doesn't support VLANs?"
- Previous message: Tristan Kington [MS]: "Re: non domain users"
- In reply to: Dmitry Mashkov: "Re: ISA Server doesn't support VLANs?"
- Next in thread: Tristan Kington [MS]: "Re: ISA Server doesn't support VLANs?"
- Reply: Tristan Kington [MS]: "Re: ISA Server doesn't support VLANs?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
