ISA 2006 - new subnet not working

  • ISA 2006 - new subnet not working

    Hi,

    I have configured ISA 2006 with two (2) NICs; below are the network details:

    Internal: 192.168.X.X/16
    External: 172.16.33.X/24
    New-Internal: 192.169.3.X/24 (just mentioned for explaining my issue, using private subnet in real environment)

    Details of Internal adapter of ISA:
    IP: 192.168.1.1
    SM: 255.255.0.0
    GW: -
    DNS: -
    Details of External adapter of ISA:
    IP: 172.16.33.1
    SM: 255.255.255.0
    GW: 172.16.33.5
    DNS: 192.168.1.5

    The users in the Internal Subnet(192.168.X.X/16) are able to browse the internet using proxy 192.168.1.1:8080, but in the New-Internal subnet users are unable to access the internet.

    New-Internal can access External Subnet. (Routing is ok)
    I have also created an access rule in ISA; I am getting the below message:
    The routing table for the network adapter Internal includes IP address ranges that are not defined in the array-level network Internal, to which it is bound. As a result, packets arriving at this network adapter from the IP address ranges listed below or sent to these IP address ranges via this network adapter will be dropped as spoofed. To resolve this issue, add the missing IP address ranges to the array network.
    The following IP address ranges will be dropped as spoofed:
    External: 192.169.3.0 - 192.169.3.255;
    ISA Server detected routes through the network adapter External that do not correlate with the network to which this network adapter belongs. When networks are configured correctly, the IP address ranges included in each array-level network must include all IP addresses that are routable through its network adapters according to their routing tables. Otherwise valid packets may be dropped as spoofed. The following ranges are included in the network's IP address ranges but are not routable through any of the network's adapters: 192.169.3.0 - 192.169.3.255;. Note that this event may be generated once after you add a route, create a remote site network, or configure Network Load Balancing and may be safely ignored if it does not re-occur.

    Please help me to resolve this.
    Many thanks in advance.
    Last edited by zakir.ahmed; 1st October 2013, 19:16.

  • #2
    Re: ISA 2006 - new subnet not working

    New-Internal: 192.169.3.X is a public IP address, do you own this range? If not, then your ISP may not be too pleased.
    There may also be routing issues to anything over the internet which actually uses 192.169.3.x.

    How about trying a private addressing scheme which falls under RFC1918?
    http://en.wikipedia.org/wiki/Private_network


    http://myip.ms/view/ip_addresses/323..._192.169.3.255
    Please remember to award reputation points if you have received good advice.
    I do tend to think 'outside the box' so others may not always share the same views.

    MCITP -W7,
    MCSA+Messaging, CCENT, ICND2 slowly getting around to.


    • #3
      Re: ISA 2006 - new subnet not working

      Sorry, I forgot to mention: the IPs I mentioned are different (I used them just for explanation).

      All the IPs I used in my real network are private.


      • #4
        Re: ISA 2006 - new subnet not working

        Each subnet in ISA Server requires a network definition and a network rule defining its relationship to the other networks. That's even before you can start creating firewall rules.

        Go to Configuration->Networks. Create a new network and associate the range to it. Then add it to the internet access rule. Also create a new rule, if required, to allow traffic between the new network and internal, using route as the relationship.
        BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
        Cruachan's Blog


        • #5
          Re: ISA 2006 - new subnet not working

          Hi cruachan,

          Done that, added a network & defined a rule. Still not working, getting the alert as:

          The routing table for the network adapter Internal includes IP address ranges that are not defined in the array-level network Internal, to which it is bound. As a result, packets arriving at this network adapter from the IP address ranges listed below or sent to these IP address ranges via this network adapter will be dropped as spoofed. To resolve this issue, add the missing IP address ranges to the array network.
          The following IP address ranges will be dropped as spoofed:
          External: 192.169.3.0 - 192.169.3.255;
          ISA Server detected routes through the network adapter External that do not correlate with the network to which this network adapter belongs. When networks are configured correctly, the IP address ranges included in each array-level network must include all IP addresses that are routable through its network adapters according to their routing tables. Otherwise valid packets may be dropped as spoofed. The following ranges are included in the network's IP address ranges but are not routable through any of the network's adapters: 192.169.3.0 - 192.169.3.255;. Note that this event may be generated once after you add a route, create a remote site network, or configure Network Load Balancing and may be safely ignored if it does not re-occur.

          Please suggest.


          • #6
            Re: ISA 2006 - new subnet not working

            Message is pretty self-explanatory: as far as ISA is concerned, traffic is arriving at the Internal Subnet from another subnet that ISA doesn't know about.

            What rules have you created? Are they network rules, or access rules in the Firewall Policy?
            BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
            Cruachan's Blog
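The consistency check that the alert quoted in this thread describes, modelled as an added example that is not part of any post and not ISA Server's own code: every range routed through an adapter must be defined in the network that adapter is bound to, and the reverse. The routing table below is constructed and assumes the route to 192.169.3.0/24 goes through the Internal adapter; `subtract` and `audit` are hypothetical helper names.

```python
import ipaddress as ipa

def subtract(nets, minus):
    """Parts of `nets` not covered by any block in `minus`.
    CIDR blocks are either nested or disjoint, so three cases suffice."""
    out = []
    for n in nets:
        parts = [n]
        for m in minus:
            nxt = []
            for p in parts:
                if p.subnet_of(m):
                    continue                          # fully covered
                if m.subnet_of(p):
                    nxt.extend(p.address_exclude(m))  # carve m out of p
                else:
                    nxt.append(p)                     # disjoint, keep
            parts = nxt
        out.extend(parts)
    return [str(n) for n in sorted(ipa.collapse_addresses(out))]

def audit(adapter_routes, network_ranges):
    """Both arguments map an ISA network name to a list of CIDR strings:
    the routes through its adapter (default route left out) and the
    address ranges defined for the network."""
    findings = {}
    for name, routes in adapter_routes.items():
        routed = [ipa.ip_network(r) for r in routes]
        defined = [ipa.ip_network(r) for r in network_ranges.get(name, [])]
        findings[name] = {
            # routed through the adapter but missing from the network
            "dropped_as_spoofed": subtract(routed, defined),
            # in the network definition but not routable via the adapter
            "defined_not_routable": subtract(defined, routed),
        }
    return findings

# Constructed sample data (assumption: new subnet is routed via Internal)
ROUTES = {"Internal": ["192.168.0.0/16", "192.169.3.0/24"]}
NETWORKS_BEFORE = {"Internal": ["192.168.0.0/16"]}
NETWORKS_AFTER = {"Internal": ["192.168.0.0/16", "192.169.3.0/24"]}

if __name__ == "__main__":
    for label, nets in (("before", NETWORKS_BEFORE), ("after", NETWORKS_AFTER)):
        print(label, audit(ROUTES, nets))
```

Feed it the output of `route print` per adapter and the ranges shown on each network's Addresses tab; an empty result on both lists is what the alert asks for.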