Microsoft KB Archive/884496

= Client computers cannot access external resources, and event ID 14147 appears in the Application log in ISA Server 2006 or in ISA Server 2004 =

Article ID: 884496

Article Last Modified on 12/4/2007

-

APPLIES TO


 * Microsoft Internet Security and Acceleration Server 2004 Standard Edition
 * Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition
 * Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
 * Microsoft Internet Security and Acceleration Server 2006 Standard Edition

-





SYMPTOMS
On the computer that is running Microsoft Internet Security and Acceleration (ISA) Server, you may experience all the following symptoms:
 * Some client computers on the internal network cannot connect to the ISA Server computer or connect to external resources through the ISA Server computer.
 * You may receive an IP spoofing message.
 * One or both of the following events may appear in the Application log in Event Viewer.
 * Event Source: Microsoft Firewall

Event Category: None

Event ID: 14147

Date:

Time:

Type: Error

User: N/A

Computer:

Description: ISA Server detected routes through adapter &quot; &quot; that do not correlate with the network element to which this adapter belongs. The address ranges in conflict are:  -  ;. Fix the network element and/or the routing table to make these ranges consistent; they should be in both or in neither. If you recently created a mobile site network, check if the event recurs. If it does not, you may safely ignore this message.
 * Event Source: Microsoft Firewall

Event Category: None

Event ID: 15108

Date:

Time:

Type: Error

User: N/A

Computer:

Description: ISA Server detected a spoof attack from Internet Protocol (IP) address. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log.



CAUSE
This issue occurs if the ISA Server network objects do not match the routing table entries that ISA Server uses to understand the network topology. Event ID 14147 may be logged when you first create a remote site network when you configure a site-to-site VPN connection in ISA Server.

ISA Server requires that only one network adapter is associated with a single ISA Server network, and that network adapter IP addresses are not configured in more than one network. IP address ranges must be configured correctly for ISA Server network objects, and match the routing table. Network object definitions should include all remote subnets that can be reached through the adapter that is associated with the network. Additionally, persistent static routes should be defined in the routing table for each remote subnet.



RESOLUTION
For more information about how to troubleshoot network configuration issues, visit the following Microsoft Web site:

http://go.microsoft.com/fwlink/?LinkID=60491

For more information about how to configure ISA Server network objects, visit the following Microsoft Web site:

http://go.microsoft.com/fwlink/?LinkID=56780

Additional query words: alert

Keywords: kbtshoot kbfirewall kbenv kbprb kbisa2006swept KB884496

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.