Cisco VPN traffic identified as Spoofed in TMG
Posted on 2013-01-17
We have 2 gateways, one using a Cisco IOS firewall and a MS TMG 2010.
I would like to allow traffic from the Cisco VPN through to the DMZ off the TMG; however, the TMG is detecting the traffic as spoofed:
A packet was dropped because Forefront TMG determined that the source IP address is spoofed
The subnet for the VPN is 172.16.189.x, which is a completely different subnet to the internal network.
I have ensured the VPN traffic is being routed to the DMZ successfully, and added the VPN subnet to the Internal Network section under the Networks tab of Networking in TMG. I booted the server too; however, the traffic is still being denied in the TMG logging.
I think I may have missed something in defining the network in TMG, but I cannot see where.