Solved

Cisco VPN traffic identified as Spoofed in TMG

Posted on 2013-01-17
Last Modified: 2013-01-20
Hi,

We have 2 gateways, one using a Cisco IOS firewall and a MS TMG 2010.

I would like to allow traffic from the Cisco VPN through to the DMZ off the TMG, however the TMG is detecting the traffic as spoofed:

A packet was dropped because Forefront TMG determined that the source IP address is spoofed

The subnet for the VPN is 172.16.189.x, which is a completely different subnet to the internal network.

I have ensured the VPN traffic is being routed to the DMZ successfully, and added the VPN subnet to the Internal Network section under the Networks tab of Networking in TMG. I booted the server too, however the traffic is still being denied in the TMG logging.

I think I may have missed something in defining the network in TMG, but I cannot see where.
Question by:GlennCameron
5 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 38789728
 
LVL 51

Accepted Solution

by:Keith Alabaster (earned 400 total points)
ID: 38791973
Generally speaking, spoofing is caused by omitting either the network ID (for example the .0) or the broadcast address (the .255) from the network range in the TMG GUI - networking tabs.

Run the best practice analyser, which will normally pull it up as well. Exactly which IP addresses are being identified as spoofed? It will tell you in the monitoring - alerts tab if you have not recorded them.

Always better to fix something rather than just disable the alert message.
 
LVL 6

Expert Comment

by:infoplateform
ID: 38795812
I think you should create a rule for your internal traffic to bypass TMG.

For example, if internal is 172.17.0.x,
now allow the whole 172.17.0.x on a new rule.

Hope it helps.
 

Author Closing Comment

by:GlennCameron
ID: 38799520
The Best Practices Analyzer entries led me to this: http://tmgblog.richardhicks.com/2011/05/11/forefront-tmg-2010-configuration-error-alert/

Adding routes for the VPN range resolved the spoofing issue.
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 38800016
Excellent, good news. Thanks.
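A small Python model of the two conditions raised in this thread (the address ranges on the Networks tab, and the routes for the VPN range that the closing comment added), written here as an illustration and not code from the thread or from TMG. The ranges, routes and packet values are constructed, and the check is a simplified model of TMG's spoof detection rather than its implementation.

```python
import ipaddress

# Constructed sample of the address ranges assigned to TMG's Internal
# network (Networks tab). The VPN range below omits the network ID (.0)
# and the broadcast address (.255), the omission the accepted answer names.
INTERNAL_RANGES = [
    ("172.17.0.0", "172.17.0.255"),
    ("172.16.189.1", "172.16.189.254"),
]

# Constructed sample of the server's routing table: (destination, adapter).
# There is no route for 172.16.189.0/24 yet; the closing comment added one.
ROUTES = [
    ("172.17.0.0/24", "Internal"),
    ("0.0.0.0/0", "External"),
]

def in_ranges(ip, ranges):
    """True if ip lies inside any inclusive start-end range."""
    ip = ipaddress.ip_address(ip)
    return any(ipaddress.ip_address(lo) <= ip <= ipaddress.ip_address(hi)
               for lo, hi in ranges)

def route_adapter(ip, routes):
    """Longest-prefix match over the routing table; returns the adapter name."""
    ip = ipaddress.ip_address(ip)
    hits = [(ipaddress.ip_network(dst), adapter) for dst, adapter in routes
            if ip in ipaddress.ip_network(dst)]
    return max(hits, key=lambda hit: hit[0].prefixlen)[1]

def spoof_reasons(src_ip, arrived_on, ranges=INTERNAL_RANGES, routes=ROUTES):
    """Simplified model (an assumption, not TMG's code): a packet arriving on
    an adapter is treated as spoofed unless its source lies in that network's
    address ranges AND the routing table reaches the source via the same
    adapter. Returns the reasons the packet would be dropped (empty = OK)."""
    reasons = []
    if not in_ranges(src_ip, ranges):
        reasons.append("source not in the network's address ranges")
    if route_adapter(src_ip, routes) != arrived_on:
        reasons.append("route to source does not use the %s adapter" % arrived_on)
    return reasons

def missing_endpoints(cidr, ranges):
    """List the network ID and broadcast address of a subnet that the defined
    ranges leave out, the gap the accepted answer says the analyser pulls up."""
    net = ipaddress.ip_network(cidr)
    ends = (net.network_address, net.broadcast_address)
    return [str(a) for a in ends if not in_ranges(str(a), ranges)]
```

Running `spoof_reasons("172.16.189.10", "Internal")` against the sample shows the packet is inside the defined range but still fails on the missing route, which matches the order in which the thread found the problem.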
