Event Id | 14147 |
Source | Microsoft Firewall |
Description | ISA Server detected routes through adapter "adapter name" that do not correlate with the network element to which this adapter belongs. The address ranges in conflict are: start IP address - end IP address;. Fix the network element and/or the routing table to make these ranges consistent; they should be in both or in neither. If you recently created a mobile site network, check if the event recurs. If it does not, you may safely ignore this message. |
Event Information | According to Microsoft: CAUSE 1: This issue may occur if the routing table on the ISA Server computer is different from the ISA Server configuration. In this scenario, any traffic that is sent from or to the IP addresses that appear in the events from the "Symptoms" section is dropped by ISA Server. ISA Server considers this traffic as spoofed. This issue may occur if all the following conditions are true: 1. You have a router that connects to an internal interface of the ISA Server computer. 2. You manually add the internal IP address range of that router to the IP address range of the network that is configured for this internal interface of the ISA Server computer. 3. A user tries to connect from the internal interface of that router through ISA Server to an external resource. RESOLUTION: To resolve this issue, define the ISA Server network to be consistent with the routing table in Microsoft Windows. To do this, create the network object addresses by adding the network adapter instead of by manually typing the IP address range that you want to add. If the IP address ranges that you expect do not appear in the Address ranges list after you add the network adapter, you must verify the ISA Server computers routing table. This might occur if you require IP addresses that are remote to the ISA Server network adapter. 1. Add a static route to the Windows routing table for the remote subnet. 2. Configure the internal network object on the ISA Server computer to include both sets of IP addresses by using the Add Adapter option. "According to Microsoft : CAUSE 2: ISA Server uses the route table and route entries associated with a network interface to understand the network topology. This event is issued when there is a mismatch between the routing table and the IP address ranges associated with an ISA Server network object. RESOLUTION: Troubleshoot this issue by checking the foll |
Reference Links | Client computers cannot access external resources, and event ID 14147 appears in the Application log in ISA Server 2004 ISA Server Detected a Spoof Attack |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.