This issue occurs if the ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition network objects do not match the routing table entries that ISA Server uses to understand the network topology. Event ID 14147 may be logged when you first create a remote site network when you configure a site-to-site VPN connection in ISA Server.
ISA Server requires that only one network adapter is associated with a single ISA Server network, and that network adapter IP addresses are not configured in more than one network. IP address ranges must be configured correctly for ISA Server network objects, and match the routing table. Network object definitions should include all remote subnets that can be reached through the adapter that is associated with the network. Additionally, persistent static routes should be defined in the routing table for each remote subnet.
On the computer that is running Microsoft Internet Security and Acceleration (ISA) Server, Microsoft Forefront Threat Management Gateway, Medium Business Edition, or Windows Essential Business Server 2008, you may experience all the following symptoms:
- Some client computers on the internal network cannot connect to the computer that is running ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition or connect to external resources through the ISA Server computer.
- You may receive an IP spoofing message.
- One or both of the following events may appear in the Application log in Event Viewer.
Event Source: Microsoft Firewall
Event Category: None
Event ID: 14147
Date: date
Time: time
Type: Error
User: N/A
Computer: computer name
Description: ISA Server detected routes through adapter "adapter name" that do not correlate with the network element to which this adapter belongs. The address ranges in conflict are: start IP address - end IP address;. Fix the network element and/or the routing table to make these ranges consistent; they should be in both or in neither. If you recently created a mobile site network, check if the event recurs. If it does not, you may safely ignore this message.Event Source: Microsoft Firewall
Event Category: None
Event ID: 15108
Date: date
Time: time
Type: Error
User: N/A
Computer: computer name
Description: ISA Server detected a spoof attack from Internet Protocol (IP) address IP address. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log.
I have seen wrong sub net on my WAN adpter in ISA 2004 computer. according to the IP sub net would be 255.0.0.0 for 10.0.0.1 ,, but my ADSL device recorded IP is 10.0.0.2 for sub net 255.255.255.0 . I have changed my end WAN IP subnet as follwoing 255.255.255.0 due to that error that I am receiving several time. Hope this will work. ANy idea that you have guys ...??
Comments