Some time last week a client asked for a static route to be placed into the routing table of our DMZ for a new subnet they were building. I informed them that the route was now in place and that they should test it. Their System Administrator e-mailed me telling me that they couldn't ping one of my servers and they were sure that everything was configured correctly on their side. I requested that he check on weather or not their ISA server was correctly configured as this problem seemed to be related to routing within their network.
A few days went by and then the e-mail dialog began...... no everything was configured correctly on their side, no they still could not ping my servers. Again tried to explain that he must check on weather the ISA server was correctly configured, in the end I asked for copy of the ISA servers router table and configuration.
Now, let me explain something here, I have nothing against Microsoft software or even their ISA server. However I do have problems when these are not properly configured! Microsoft have done a great job in coming out with software that just about anyone can configure. The MS ISA server is a good example, you can do all sorts of things with it. *BUT* the moment you want to get 'fancy' and try to configure it as a all singing and dancing firewall/router/proxy server you really need an administrator who has some experience! At the very least an understanding of basic routing.
Of course when making changes to a live production network, be sure you know what you are doing. Other wise strange and bad things can happen, as was the case here. Applications needing access to resources on the network will be disrupted and users will complain! And lo and behold I get an e-mail from the System Administrator telling me to stop doing what ever it was that I was doing that was disrupting their network!
To cut the sorry story short, there was a routing entry missing on their ISA server! Argh! And to top it all someone was playing around with the ISA server causing the network to become unstable.
Where have all the good administrators gone? How can anyone be an administrator on any network connected device and not understand how a network works?
