ISA 2004 - Microsoft Firewall Event ID 14147
- From: Mobile PC Magic, Inc. <Mobile PC Magic, Inc.@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 15 Mar 2006 07:42:27 -0800
Hello
Ok... I've been intermittently getting the following error messages several
times per day since upgrading to DSL several months back. When Event ID 14147
is logged, all client PC's briefly lose connectivity to the internet (they do
not lose internal connections). I am running SBS2003 SP1 & ISA 2004 SP2.
The error messages in Event Viewer are as follows:
ISA Server detected routes through adapter Loopback that do not correlate
with the network element to which this adapter belongs. For best practice,
the address range of an ISA Server network should match the address ranges
routable through the associated network adapter as defined in the routing
table. Otherwise valid packets may be dropped as spoofed. (This alert may
occur momentarily when you create a remote site network. You may safely
ignore this message if it does not reoccur.) The address ranges in conflict
are: 72.148.215.47-72.148.215.47;.
ISA Server detected routes through adapter 3COM NIC for BellSouth DSL that
do not correlate with the network element to which this adapter belongs. For
best practice, the address range of an ISA Server network should match the
address ranges routable through the associated network adapter as defined in
the routing table. Otherwise valid packets may be dropped as spoofed. (This
alert may occur momentarily when you create a remote site network. You may
safely ignore this message if it does not reoccur.) The address ranges in
conflict are:
65.14.248.10-65.14.248.10;72.148.215.47-72.148.215.47;72.255.255.255-72.255.255.255
I never experienced this issue when I had a cable modem - the only major
difference now is the addition of the PPPoE connection to log onto my DSL
service. The IP address (72.148.215.47) in the first error message is my
Static (External) IP address. The IP address in the second error message
65.14.248.10 is the default gateway for my DSL service.
Route print on my server is as follows:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>route print
IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
0x10003 ...00 04 75 aa ee 30 ...... 3Com EtherLink 10/100 PCI For Complete
PC Ma
nagement NIC (3C905C-TX)
0x10004 ...00 c0 9f 25 7a 1d ...... Intel(R) PRO/1000 MT Network Connection
0x40005 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 65.14.248.10 72.148.215.47 1
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.97 2
65.14.248.10 255.255.255.255 72.148.215.47 72.148.215.47 1
72.148.215.47 255.255.255.255 127.0.0.1 127.0.0.1 50
72.255.255.255 255.255.255.255 72.148.215.47 72.148.215.47 50
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.97 192.168.1.97 20
192.168.1.97 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.97 192.168.1.97 20
192.168.16.0 255.255.255.0 192.168.16.2 192.168.16.2 10
192.168.16.2 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.16.19 255.255.255.255 127.0.0.1 127.0.0.1 50
192.168.16.255 255.255.255.255 192.168.16.2 192.168.16.2 10
224.0.0.0 240.0.0.0 192.168.1.97 192.168.1.97 20
224.0.0.0 240.0.0.0 192.168.16.2 192.168.16.2 10
224.0.0.0 240.0.0.0 72.148.215.47 72.148.215.47 1
255.255.255.255 255.255.255.255 72.148.215.47 72.148.215.47 1
255.255.255.255 255.255.255.255 192.168.1.97 192.168.1.97 1
255.255.255.255 255.255.255.255 192.168.16.2 192.168.16.2 1
Default Gateway: 65.14.248.10
===========================================================================
Persistent Routes:
None
C:\Documents and Settings\Administrator>
I've tried everything short of hiring someone to come in and fix my server!
Yesterday I decided to poke around in "Routing and Remote Access". Under "IP
Routing", I added the following 3 "Static Routes":
(The format is Destination, Network Mask, Gateway, Interface, Metric, View)
72.255.255.255; 255.255.255.255; 72.148.215.47; 3COM NIC for BellSouth DSL;
50; Both
72.148.215.47; 255.255.255.255; 127.0.0.1; 3COM NIC for BellSouth DSL; 50;
Both
65.14.248.10; 255.255.255.255; 72.148.215.47; 3COM NIC for BellSouth DSL; 1;
Both
After applying the 3 preceding "Static Routes", I am no longer receiving
Event ID 14147 and everything is running smoothly.
Because I don't know that much about these settings, my question is, did I
compromise/weaken my security? What is the difference between adding these
entries under "Static Routes" as opposed to "Persistent Routes" at the
command prompt?
Many thanks for your help!
Regards,
Robert Woehrer, CEO
Mobile PC Magic, Inc.
.
- Follow-Ups:
- Re: ISA 2004 - Microsoft Firewall Event ID 14147
- From: Cris Hanna \(SBS-MVP\)
- Re: ISA 2004 - Microsoft Firewall Event ID 14147
- Prev by Date: Outlook 2003, Main Contacts folder doesnt show up as an e-mail address book
- Next by Date: Re: SMTP Setup - CName Setup
- Previous by thread: Outlook 2003, Main Contacts folder doesnt show up as an e-mail address book
- Next by thread: Re: ISA 2004 - Microsoft Firewall Event ID 14147
- Index(es):
Relevant Pages
|
Loading
