Re: ISA 2004 - Microsoft Firewall Event ID 14147

I'm a little confused by the results
Your 3com NIC for Bell South...What does that connect to?
Are you running any kind of PPPoE software on your server?

Trying to figure out why we're seeing the PPP connection with a public IP

--
Cris Hanna [SBS-MVP]
--------------------------------------
Please do not respond directly to me, but only post in the newsgroup so all can take advantage
"Mobile PC Magic, Inc." <MobilePCMagicInc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:C2844FE7-F5DC-4B8D-8BD6-FA2866A41188@xxxxxxxxxxxxxxxx
Hi Cris

Thanks for the reply. Here are the results you requested:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : server01
Primary Dns Suffix . . . . . . . : mobilepcmagic.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : mobilepcmagic.local

PPP adapter RAS Server (Dial In) Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.19
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter 3COM NIC for BellSouth DSL:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink 10/100 PCI For
Complete PC
Management NIC (3C905C-TX)
Physical Address. . . . . . . . . : 00-04-75-AA-EE-30
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.97
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.16.2
NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Server Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-C0-9F-25-7A-1D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.16.2

PPP adapter Small Business Broadband Connection for BellSouth DSL:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 72.148.215.47
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 205.152.37.23
205.152.144.23
NetBIOS over Tcpip. . . . . . . . : Disabled

C:\Documents and Settings\Administrator>

Regards,
Robert Woehrer, CEO
Mobile PC Magic, Inc.

"Cris Hanna (SBS-MVP)" wrote:

> Sound like an issue with LAT
> Can you run ipconfig /all and post the results here
>
> --
> Cris Hanna [SBS-MVP]
> --------------------------------------
> Please do not respond directly to me, but only post in the newsgroup so all can take advantage
> "Mobile PC Magic, Inc." <Mobile PC Magic, Inc.@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:4EEDD7C4-A8FD-4ECE-8110-FEBC94855C5C@xxxxxxxxxxxxxxxx
> Hello
>
> Ok... I've been intermittently getting the following error messages several
> times per day since upgrading to DSL several months back. When Event ID 14147
> is logged, all client PC's briefly lose connectivity to the internet (they do
> not lose internal connections). I am running SBS2003 SP1 & ISA 2004 SP2.
>
> The error messages in Event Viewer are as follows:
> ISA Server detected routes through adapter Loopback that do not correlate
> with the network element to which this adapter belongs. For best practice,
> the address range of an ISA Server network should match the address ranges
> routable through the associated network adapter as defined in the routing
> table. Otherwise valid packets may be dropped as spoofed. (This alert may
> occur momentarily when you create a remote site network. You may safely
> ignore this message if it does not reoccur.) The address ranges in conflict
> are: 72.148.215.47-72.148.215.47;.
>
> ISA Server detected routes through adapter 3COM NIC for BellSouth DSL that
> do not correlate with the network element to which this adapter belongs. For
> best practice, the address range of an ISA Server network should match the
> address ranges routable through the associated network adapter as defined in
> the routing table. Otherwise valid packets may be dropped as spoofed. (This
> alert may occur momentarily when you create a remote site network. You may
> safely ignore this message if it does not reoccur.) The address ranges in
> conflict are:
> 65.14.248.10-65.14.248.10;72.148.215.47-72.148.215.47;72.255.255.255-72.255.255.255
>
> I never experienced this issue when I had a cable modem - the only major
> difference now is the addition of the PPPoE connection to log onto my DSL
> service. The IP address (72.148.215.47) in the first error message is my
> Static (External) IP address. The IP address in the second error message
> 65.14.248.10 is the default gateway for my DSL service.
>
> Route print on my server is as follows:
> Microsoft Windows [Version 5.2.3790]
> (C) Copyright 1985-2003 Microsoft Corp.
>
> C:\Documents and Settings\Administrator>route print
>
> IPv4 Route Table
> ===========================================================================
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0x10002 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
> 0x10003 ...00 04 75 aa ee 30 ...... 3Com EtherLink 10/100 PCI For Complete
> PC Ma
> nagement NIC (3C905C-TX)
> 0x10004 ...00 c0 9f 25 7a 1d ...... Intel(R) PRO/1000 MT Network Connection
> 0x40005 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
> ===========================================================================
> ===========================================================================
> Active Routes:
> Network Destination Netmask Gateway Interface Metric
> 0.0.0.0 0.0.0.0 65.14.248.10 72.148.215.47 1
> 0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.97 2
> 65.14.248.10 255.255.255.255 72.148.215.47 72.148.215.47 1
> 72.148.215.47 255.255.255.255 127.0.0.1 127.0.0.1 50
> 72.255.255.255 255.255.255.255 72.148.215.47 72.148.215.47 50
> 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
> 192.168.1.0 255.255.255.0 192.168.1.97 192.168.1.97 20
> 192.168.1.97 255.255.255.255 127.0.0.1 127.0.0.1 20
> 192.168.1.255 255.255.255.255 192.168.1.97 192.168.1.97 20
> 192.168.16.0 255.255.255.0 192.168.16.2 192.168.16.2 10
> 192.168.16.2 255.255.255.255 127.0.0.1 127.0.0.1 10
> 192.168.16.19 255.255.255.255 127.0.0.1 127.0.0.1 50
> 192.168.16.255 255.255.255.255 192.168.16.2 192.168.16.2 10
> 224.0.0.0 240.0.0.0 192.168.1.97 192.168.1.97 20
> 224.0.0.0 240.0.0.0 192.168.16.2 192.168.16.2 10
> 224.0.0.0 240.0.0.0 72.148.215.47 72.148.215.47 1
> 255.255.255.255 255.255.255.255 72.148.215.47 72.148.215.47 1
> 255.255.255.255 255.255.255.255 192.168.1.97 192.168.1.97 1
> 255.255.255.255 255.255.255.255 192.168.16.2 192.168.16.2 1
> Default Gateway: 65.14.248.10
> ===========================================================================
> Persistent Routes:
> None
>
> C:\Documents and Settings\Administrator>
>
> I've tried everything short of hiring someone to come in and fix my server!
>
> Yesterday I decided to poke around in "Routing and Remote Access". Under "IP
> Routing", I added the following 3 "Static Routes":
> (The format is Destination, Network Mask, Gateway, Interface, Metric, View)
> 72.255.255.255; 255.255.255.255; 72.148.215.47; 3COM NIC for BellSouth DSL;
> 50; Both
> 72.148.215.47; 255.255.255.255; 127.0.0.1; 3COM NIC for BellSouth DSL; 50;
> Both
> 65.14.248.10; 255.255.255.255; 72.148.215.47; 3COM NIC for BellSouth DSL; 1;
> Both
>
> After applying the 3 preceding "Static Routes", I am no longer receiving
> Event ID 14147 and everything is running smoothly.
>
> Because I don't know that much about these settings, my question is, did I
> compromise/weaken my security? What is the difference between adding these
> entries under "Static Routes" as opposed to "Persistent Routes" at the
> command prompt?
>
> Many thanks for your help!
>
> Regards,
> Robert Woehrer, CEO
> Mobile PC Magic, Inc

Relevant Pages

  • Re: Host of networking problems ...
    ... I did notice tho that the tunneling adapters are still there and not sure why. ... Ethernet adapter Local Area Connection 3: ... Connection-specific DNS Suffix. ... I have been working several hours now on my network problem and have gotten ...
    (microsoft.public.windowsxp.network_web)
  • Re: VPN and DNS
    ... My Dell ERA/O doesn not starts its remote ... run our exchange server for emails, ... It has the WAN adapter @85.12.17.104, ... Connection-specific DNS Suffix. ...
    (microsoft.public.windows.server.dns)
  • Re: DNS Correct?
    ... Maybe your server nic is working to hard? ... How can I monitor network traffic thoughout the day, ... Windows IP Configuration ... Connection-specific DNS Suffix. ...
    (microsoft.public.backoffice.smallbiz)
  • Re: VPN and DNS
    ... run our exchange server for emails, ... IF I disable the internal NIC, I cannot connect remotely, ... It has the WAN adapter @85.12.17.104, ... Connection-specific DNS Suffix. ...
    (microsoft.public.windows.server.dns)
  • Re: problems connecting to Network Shares over VPN
    ... We have a wired and wirelesss network in the office, however, the server ... I don't think I can disable IP v6 as this is a SBS Server and Exchange puts ... Ho do I compare both VPN server and client routing tables? ... Connection-specific DNS Suffix. ...
    (microsoft.public.windows.server.networking)