Re: Alert Configuration Error, please explain.
- From: "John Sitka" <johnsitka@xxxxxxxxxxxxxxxxx>
- Date: Mon, 17 Dec 2007 13:00:08 -0500
Thanks Mr. Windell,
I'm glad you added what you did, I still wish I understood what
the terminology "array-level network Internal" and "array-level network External"
means.
I could follow the directions described in the error to remove that error
but I would not understand why. Assuming no cabling error (like the scenario I imagined)
I don't see how the routing is getting messed up; it must be the routing taking place
in the gateway. Sounds like sloppy work, or that the gateway makes some assumptions
that are incorrect, which I think is probably the case.
I sure hate seeing multiple A Records for the same data but all I can do is
keep suggesting it might be nice if we stuck to a best practice and only
used multi A's when something won't work the usual way. Right or wrong
I just think it sucks and is sloppy.
"Phillip Windell" <philwindell@xxxxxxxxxxx> wrote in message news:e5WtH2gMIHA.5904@xxxxxxxxxxxxxxxxxxxxxxx
"John Sitka" <johnsitka@xxxxxxxxxxxxxxxxx> wrote in message news:%230WiPDUMIHA.5300@xxxxxxxxxxxxxxxxxxxxxxx
What if one of those ports goes to another switch which already has a
port taken up by an uplink that eventually makes its way back to the "trusted" interface on the gateway
appliance (172.17.10.0/24)?
Then you get exactly the error you are getting. The external nic sees broadcasts from IP#s that are "not supposed to be there".
The switches could be "VLANed" to separate the ports,...but it is better to just not make such a mess to begin with.
these are typical A records for zone....
computer1from2001 172.17.10.103
computer2from2004 172.17.10.103
computer3from2007 172.17.10.103
computer3from2007butwewanttoaccessitwithanalias 172.17.10.103
There should only be *one* A Record per IP#. The rest are supposed to be CNAME (Alias) records that simply point to the A Record
(If the line wrap doesn't screw it up)
computer1from2001 A Record 172.17.10.103
computer2from2004 CNAME computer1from2001.domain.tld
computer3from2007 CNAME computer1from2001.domain.tld
computer3from2007butwewanttoaccessitwithanalias CNAME computer1from2001.domain.tld
A more realistic example, for a machine with both a website and a mail service on it and list of possible aliases you might use
for it.
AD Zone: company.org
-------------------------------------------------------
server1 A Record 192.168.14.23
mail CNAME server1.company.org
exchange CNAME server1.company.org
pop3 CNAME server1.company.org
smtp CNAME server1.company.org
www CNAME server1.company.org
ww2 CNAME server1.company.org
webmail CNAME server1.company.org
owa CNAME server1.company.org
--
Phillip Windell
www.wandtv.com
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/ISA2004_AccessRules.html
Troubleshooting Client Authentication on Access Rules in ISA Server 2004
http://download.microsoft.com/download/9/1/8/918ed2d3-71d0-40ed-8e6d-fd6eeb6cfa07/ts_rules.doc
Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
Microsoft ISA Server Partners: Partner Hardware Solutions
http://www.microsoft.com/forefront/edgesecurity/partners/hardwarepartners.mspx
-----------------------------------------------------
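The consolidation described in the quoted reply (one A record per IP, the other names as CNAMEs), as an added example that is not part of the original thread. It assumes a plain "name ip" listing like the one quoted; the function names, the `printer1` entry and the `domain.tld` origin passed in are illustrative.

```python
import ipaddress

# Constructed sample: the thread's host names plus one made-up singleton (printer1).
SAMPLE_ZONE = """\
computer1from2001 172.17.10.103
computer2from2004 172.17.10.103
computer3from2007 172.17.10.103
computer3from2007butwewanttoaccessitwithanalias 172.17.10.103
printer1 172.17.10.50
"""

def parse_a_records(text):
    """Parse 'name ip' lines into (name, ip) tuples; malformed input raises ValueError."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split(";", 1)[0].split()  # drop ';' comments and blank lines
        if not parts:
            continue
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected 'name ip'")
        name, ip = parts
        records.append((name.lower(), str(ipaddress.IPv4Address(ip))))
    return records

def shared_ips(records):
    """Audit view: every IP that carries more than one A record, with its names."""
    by_ip = {}
    for name, ip in records:
        by_ip.setdefault(ip, []).append(name)
    return {ip: names for ip, names in by_ip.items() if len(names) > 1}

def consolidate(records, origin):
    """First name seen per IP stays the A record; later names become CNAMEs to it."""
    canonical, seen, plan = {}, {}, []
    for name, ip in records:
        if name in seen:
            if seen[name] != ip:  # a CNAME cannot share a name with an A record
                raise ValueError(f"{name} maps to more than one IP")
            continue  # exact duplicate line
        seen[name] = ip
        if ip not in canonical:
            canonical[ip] = name
            plan.append((name, "A", ip))
        else:
            plan.append((name, "CNAME", f"{canonical[ip]}.{origin}."))
    return plan

if __name__ == "__main__":
    for name, rtype, target in consolidate(parse_a_records(SAMPLE_ZONE), "domain.tld"):
        print(f"{name:<50}{rtype:<6}{target}")
```

A name that must also hold other records (the zone apex, or a name with MX records) cannot be turned into a CNAME, so review the plan before applying it.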