Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 14120 Source: MicrosoftWebProxy

The ISA Server services cannot create a packet filter <ip address>. This event occurs when there is a conflict between the Local Address Table (LAT) configuration and the Windows 2000 routing table. Check the routing table and the LAT to find the source of the conflict.
Installing the Internet Security and Acceleration (ISA) Server 2000 Service Pack 2 resolved this problem for me.
This event can also occur in an environment where the ISA server machine has routable IP addresses on its NIC and it functions as a proxy-cache/web gateway in a firewalled network that uses real IP's. If the machine has multiple IP addresses configured and you bind the ISA proxy service to one of the secondary IP's, you may experience 14120 errors almost in every web request (even though the cache seems to function perfectly). In the above environment, the only workaround that solved the problem was to set the IP address to which the web requests arrive as a primary IP address for the Network Interface and bind ISAServer to this IP address.

Installing the Internet Security and Acceleration (ISA) Server 2000 Service Pack 2 might solve this problem.
In my case, I am using ISA for content filtering on a server with only one NIC. By disabling Packet Filtering I was able to resolve this issue.
When RASPPPOE failed to connect itself to my ISP for no apparent reason, I resolved the issue by switching LAN and WAN interfaces. This error appeared continuously in my event log along the process. I resolved it by rebuilding the LAT (this being no different to what was there in the first place however).
See the link to for a discussion about the 14120 error.

I came accross this problem when I installed ISA Server with 1 NIC. See ME288236 for more information. I fixed this problem by installing a second nic for. Microsoft ISA can't filter packets with one NIC.
When using the Configure LAT wizard on a dual-nic server, make sure you don't add the external Interfaces IP to the LAT. By defualt, the wizard will add all IP's and networks from all Interfaces. Make sure you uncheck the option to "Add address ranges based on the selected computer's Windows 2000 routing table" and select only your internal network. Event id 14120 will occur whenever the outgoing interfaces IP is placed in LAT. To fix, delete the external interfaces IP from the LAT.
Please see also ME288236.
As per Microsoft: "This behavior occurs because when the ISA Web service listens on the external IP address on behalf of the Web server, and the internal client tries to access that service, Web proxy tries to create a packet filter for that address because the proxy views that the address as external (which it is). The packet filter driver fails to create the filter because the address is not reachable through the external interface; instead, the address is reachable through the loopback interface. The result is the event log entry. " See the link below for more information and workaround.
First , remove host records in internal DNS server that refers to external IP address of ISA Server. Leave only HOST records that refers to internal IP. Also, if ISA Serves is a DNS set it to listen only on internal IP address.

Secondly , go to Properties page of my network places, then on Advanced menu and select Advanced Settings. On Adapter and Bindings tab in Connections Window move LAN connection on the first place and click ok. This will force your clients from LAN to communicate with ISA Server only by internal IP address which is the right way.

Of course , it's important to have IP addresses for LAN in LAT of ISA. I hope this will solve 14120 problems.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.