3.0/24
FIGURE 3.3 Examining ISA network concepts.
70
In Figure 3.3, for example, ISA is physically connected to only the 10.10.1.x/24 network,
but accepts the traffic that is routed from the subnets ???behind??? this subnet as belonging
to the aggregate network topology. This assumes that all the subnets are properly listed in
ISA??™s definition of the network itself.
CAUTION
If an ISA server is configured improperly with multiple networks that are not physically
attached to the ISA server, it assumes that those networks are disconnected and
reports a 14147 error. Any responses that are received from that disconnected network
are assumed to be IP spoofing attempts and are ignored. It is subsequently
important to configure all the physical network subnets properly within the definition of
the network to avoid this issue.
New networks that are created in ISA share these common characteristics. A few networks
created by default on an ISA server operate in slightly different ways, as defined here:
. Local Host??”This network represents the local ISA server itself and cannot be modified.
It exists to facilitate the creation of rules that have to do with traffic that originates
from the ISA server.
Pages:
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184