The IP Spoof Detection feature in ISA Server 2000 may drop legal packets on systems that have multiple external interfaces (832659)
The information in this article applies to:
- Microsoft Internet Security and Acceleration Server 2000
- Microsoft Internet Security and Acceleration Server 2000 SP1
SYMPTOMS
The IP Spoof Detection feature in Microsoft Internet Security and Acceleration (ISA) Server 2000 may drop legal packets on systems that have multiple external interfaces. This problem may occur if both of the following conditions are true:
- The network adapters are configured with different metrics.
- The packets arrive on an interface that has a lower priority or that has a higher metric.
For example, the following scenario is typical:
- Network adapter 1 is used for outgoing packets to the Internet.
- Network adapter 2 is used for server publishing, and it is waiting for incoming requests from the Internet. This interface may be configured with a lower priority or a higher metric.
The IP Spoof Detection feature may drop packets that arrive on network adapter 2 because they arrive on network adapter 2 but they leave from network adapter 1.
WORKAROUND
To use multiple external interfaces with ISA Server 2000, you may have to turn off the IP Spoof Detection feature.
For additional information about how to turn off the IP Spoof Detection feature, click the following article number to view the article in the Microsoft Knowledge Base:
284811
HOW TO: Disable the IP Spoofing Detection feature in Internet Security and Acceleration Server 2000
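The following Python sketch is an added example, not code from this article or from ISA Server. It models the symptom as a strict reverse-path check, which is an assumption about the mechanism based on the description above; the adapter names, metrics and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    interface: str
    metric: int


def best_route(routes, address):
    """Route used to reach address: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(address)
    candidates = [r for r in routes if addr in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, r.metric))


def strict_rpf_accepts(routes, source, arrival_interface):
    """Accept only if the route back to the source leaves via the arrival interface."""
    route = best_route(routes, source)
    return route is not None and route.interface == arrival_interface


def classify(packets, routes):
    """Return (source, arrival interface, verdict) for each packet."""
    return [(src, iface, "accept" if strict_rpf_accepts(routes, src, iface) else "drop")
            for src, iface in packets]


# Constructed routing table: two external adapters with different metrics.
ROUTES = [
    Route(ipaddress.ip_network("0.0.0.0/0"), "adapter1", 10),       # preferred default route
    Route(ipaddress.ip_network("0.0.0.0/0"), "adapter2", 20),       # server publishing, higher metric
    Route(ipaddress.ip_network("192.168.0.0/24"), "internal", 10),  # internal network
]

# Constructed packets: (source address, interface the packet arrived on).
PACKETS = [
    ("198.51.100.7", "adapter1"),  # Internet host on the preferred adapter
    ("198.51.100.7", "adapter2"),  # legal request to the published server
    ("192.168.0.50", "adapter2"),  # internal source on an external adapter: spoofed
    ("192.168.0.50", "internal"),  # internal host on the internal adapter
]

if __name__ == "__main__":
    for src, iface, verdict in classify(PACKETS, ROUTES):
        print(f"{src:15} via {iface:9} -> {verdict}")
```

In this model the legal request on adapter 2 receives the same verdict as the spoofed packet, because the check compares only the arrival interface with the preferred return route.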
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Modification Type: Minor
Last Reviewed: 1/3/2006
Keywords: kbpending kbbug kbprb KB832659 kbAudDeveloper