Article ID: 832659 - Last Review: January 3, 2006 - Revision: 1.1

The IP Spoof Detection feature in ISA Server 2000 may drop legal packets on systems that have multiple external interfaces

SYMPTOMS

The IP Spoof Detection feature in Microsoft Internet Security and Acceleration (ISA) Server 2000 may drop legal packets on systems that have multiple external interfaces. This problem may occur if both of the following conditions are true:
  • The network adapters are configured with different metrics.
  • The packets arrive on an interface that has a lower priority or that has a higher metric.
For example, the following scenario is typical:
  • Network adapter 1 is used for outgoing packets to the Internet.
  • Network adapter 2 is used for server publishing, and it is waiting for incoming requests from the Internet. This interface may be configured with a lower priority or a higher metric.
The IP Spoof Detection feature may drop packets that arrive on network adapter 2 because, although they arrive on network adapter 2, traffic to their source address leaves from network adapter 1.
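The drop described above can be reproduced with a simplified model of a reverse-path check. This is an added example, not Microsoft's code: it assumes the feature compares the arrival interface with the interface the routing table selects for the packet's source address, and the adapter names, metrics and addresses are constructed.

```python
import ipaddress

# Constructed routing table for the scenario above: two external adapters,
# each with a default route; adapter2 has the higher metric (lower priority).
ROUTES = [
    # (destination prefix, interface, metric) - all values are constructed
    ("0.0.0.0/0", "adapter1", 10),
    ("0.0.0.0/0", "adapter2", 20),
    ("192.168.0.0/24", "internal", 1),
]

def best_route(addr, routes=ROUTES):
    """Interface the routing table picks for addr: longest prefix, then lowest metric."""
    ip = ipaddress.ip_address(addr)
    matches = []
    for prefix, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net:
            matches.append((net.prefixlen, -metric, iface))
    return max(matches)[2] if matches else None

def strict_spoof_check(src, in_iface, routes=ROUTES):
    """Assumed check: accept only if the packet arrived on the interface
    that would be used to send traffic back to its source address."""
    return best_route(src, routes) == in_iface

def evaluate(packets, routes=ROUTES):
    """Return (src, arrival interface, verdict) for each packet."""
    return [(src, iface, "accept" if strict_spoof_check(src, iface, routes) else "drop")
            for src, iface in packets]

# Constructed sample traffic (203.0.113.0/24 is a documentation range).
PACKETS = [
    ("203.0.113.7", "adapter1"),  # reply traffic on the preferred adapter
    ("203.0.113.7", "adapter2"),  # legitimate server-publishing request
    ("192.168.0.5", "adapter1"),  # internal source seen on an external adapter
    ("192.168.0.5", "internal"),  # genuine internal host
]

if __name__ == "__main__":
    for src, iface, verdict in evaluate(PACKETS):
        print(f"{src:<14} in={iface:<9} {verdict}")
```

In this model the second and third packets receive the same verdict: the check cannot tell a legitimate publishing request on the higher-metric adapter from a packet that carries an internal source address on an external adapter.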

WORKAROUND

To use multiple external interfaces with ISA Server 2000, you may have to turn off the IP Spoof Detection feature. For additional information about how to turn off the IP Spoof Detection feature, click the following article number to view the article in the Microsoft Knowledge Base:
284811 (http://support.microsoft.com/kb/284811/) HOW TO: Disable the IP Spoofing Detection feature in Internet Security and Acceleration Server 2000

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

APPLIES TO
  • Microsoft Internet Security and Acceleration Server 2000 Standard Edition
  • Microsoft Internet Security and Acceleration Server 2000 Service Pack 1
Keywords: kbbug kbprb kbpending KB832659
 
