ISA Server Error Message

Unanswered Question
Jun 20th, 2006
User Badges:

Dear All,


Please I need you suggestions to solve the following problem.


In multivlan LAN ISA server is located in between Internal LAN and PIX firewall. ISA server internal LAN card connectd to separate vlan of the L3 switch and cofigured with the GATEWAY of the SVI interface. The outside of the ISA server NIC is connected to the PIX inside Interface and confiured the gateway of inside pix interface ip address. Now due to the dual gateway configured one each for the NICs ISA giving the following error log message.


Description: ISA Server detected a proxy chain loop. There is a problem with the configuration of the ISA Server routing policy.



Description: ISA Server was unable to process a response body from http://tcontent.e-messenger.net. The server supplied a compressed response although ISA Server did not request compression. The response was discarded.



Description: ISA Server detected routes through adapter WAN that do not correlate with the network element to which this adapter belongs. For best practice, the address range of an ISA Server network should match the address ranges routable through the associated network adapter as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network. You may safely ignore this message if it does not reoccur.) The address ranges in conflict are: 172.16.1.0-172.16.2.255;172.16.4.0-172.16.4.255;172.16.255.255-172.16.255.255;.


<br>ISA Server detected routes through adapter LAN that do not correlate with the network element to which this adapter belongs. For best practice, the address range of an ISA Server network should match the address ranges routable through the associated network adapter as defined in the routing table. Otherwise valid packets may be dropped as spoofed. (This alert may occur momentarily when you create a remote site network. You may safely ignore this message if it does not reoccur.) The address ranges in conflict are: 0.0.0.1-126.255.255.255;128.0.0.0-172.16.0.255;172.16.3.0-172.16.3.255;172.16.5.0-172.16.15.255;172.16.17.0-172.16.255.254;172.17.0.0-192.168.0.255;192.168.2.0-223.255.255.255;240.0.0.0-255.255.255.254;."


Could you tell me where is the problem?


do we need to do any config on L3 3750 switch or in the ISA server?


Please reply to me.


Thanks

swamy



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
grant.maynard Wed, 06/21/2006 - 03:24
User Badges:
  • Silver, 250 points or more

Sounds like a routing problem.

Instead of two gateways on the ISA, could you put a default route on the ISA pointing to the PIX inside interface, then put specific routes on the ISA for the internal subnets pointing inside?

On the PIX you would have a default route pointing outside and specific routes for the internal subnets pointing inside to the ISA.

I assume the 3750 is inside the ISA, doing inter-VLAN routing? It just needs ad efault route to the ISA inside.

arumugasamy Sun, 06/25/2006 - 03:45
User Badges:

Dear Grant,


Let me try it and come back to you.


Thank you for your solution.

Actions

This Discussion