We have a IIS web server that is hosting a site which is behind a Sonicwall pro 3060 firewall in Michigan. Of the 20 odd branch locations throughout the south and west everyone can access the site but 4. Of these four 3 have the same provider and 1 is different. All can reach other resources behind the firewall in Michigan (email). From the logs at the branches all traffic is leaving the firewall and going to the 1X. XX. network. In the log of the Sonicwall (Michigan) an entry for on of the sites reads:
06/23/2008 13:21:46.928 Alert , Intrusion Prevention, IP spoof dropped, 6X.1XX.160.170, 38887, X1, 1X.XX.85.26, 80, X1, MAC address: 0X:1X:X3:Xc:f4:9c
6X.1XX.160.170 is the actual address from the branch and not a spoof. This may be a clue to solve the problem???
Where do I begin looking to try and isolate where the problem lies?