Re: Alert Configuration Error, please explain.
- From: "Phillip Windell" <philwindell@xxxxxxxxxxx>
- Date: Wed, 28 Nov 2007 16:24:22 -0600
"John Sitka" <johnsitka@xxxxxxxxxxxxxxxxx> wrote in message
news:%230WiPDUMIHA.5300@xxxxxxxxxxxxxxxxxxxxxxx
What if one of those ports goes to another switch which already has a
port taken up by an uplink that eventually makes it's way back to the
"trusted" interface on the gateway appliance(172.17.10.0/24)?
Then you get exactly the error you are getting. The external nic sees
broadcasts from IP#s that are "not supposed to be there". The switches
could be "VLANed" to separate the ports,...but it is better to just not make
such a mess to begin with.
these are typical A records for zone....
computer1from2001 172.17.10.103
computer2from2004 172.17.10.103
computer3from2007 172.17.10.103
computer3from2007butwewanttoaccessitwithanalias 172.17.10.103
There should only be *one* A Record per IP#. The rest are supposed to be
CNAME (Alias) records that simply point to the A Record
(If the line wrap doesn't screw it up)
computer1from2001 A Record 172.17.10.103
computer2from2004 CNAME computer1from2001.domain.tld
computer3from2007 CNAME computer1from2001.domain.tld
computer3from2007 CNAME computer1from2001.domain.tld
butwewanttoaccessitwithanalias CNAME computer1from2001.domain.tld
A more realistic example, for a machine with both a website and a mail
service on it and list of possible aliases you might use for it.
AD Zone: company.org
-------------------------------------------------------
server1 A Record 192.168.14.23
mail CNAME server1.company.org
exchange CNAME server1.company.org
pop3 CNAME server1.company.org
smtp CNAME server1.company.org
www CNAME server1.company.org
ww2 CNAME server1.company.org
webmail CNAME server1.company.org
owa CNAME server1.company.org
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
.
- References:
- Alert Configuration Error, please explain.
- From: John Sitka
- Re: Alert Configuration Error, please explain.
- From: John Sitka
- Re: Alert Configuration Error, please explain.
- From: Jim Harrison \(ISA SE\)
- Re: Alert Configuration Error, please explain.
- From: John Sitka
- Re: Alert Configuration Error, please explain.
- From: Phillip Windell
- Re: Alert Configuration Error, please explain.
- From: John Sitka
- Alert Configuration Error, please explain.
- Prev by Date: Re: WHAT AM I MISSING????? ISA is blocking FTP downloads
- Next by Date: Re: Virtual Server on ISA with 2 ISP WAN connections
- Previous by thread: Re: Alert Configuration Error, please explain.
- Next by thread: Re: ISA Upload Speed Issues
- Index(es):
Relevant Pages
|
