?
Solved

Cisco VPN traffic identified as Spoofed in TMG

Posted on 2013-01-17
5
Medium Priority
?
1,481 Views
Last Modified: 2013-01-20
Hi,

We have 2 gateways, one using a Cisco IOS firewall and a MS TMG 2010.

I would like to allow traffic from the Cisco VPN through to the DMZ off the TMG, however the TMG is detecting the traffic as spoofed:

A packet was dropped because Forefront TMG determined that the source IP address is spoofed

The subnet for the VPN is 172.16.189.x, which is a completely different subnet to the internal network.

I have ensured the VPN traffic is being routed to the DMZ successfully, and added the VPN subnet to the Internal Network section under the Networks tab of Networking in TMG. I booted the server too, however the traffic is still being denied in the TMG logging.

I think I may have missed something in defining the network in TMG, but I cannot see where.
0
Comment
Question by:GlennCameron
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 38789728
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 1200 total points
ID: 38791973
Generally speaking, spoofing is caused by omitting either the network id (for example the .0) or the broadcast address (the .255) from the network range in the TMG gui - networking tabs.

Run the best practice analyser which will normally pull it up as well. Exactly which ip addresses are being identified as spoofed? It will tell you in the monitoring - alerts tab if you have not recorded them.

Always better to fix something rather than just disable the alert message.
0
 
LVL 6

Expert Comment

by:infoplateform
ID: 38795812
i thinks you should create a rule for your internal traffic to by pass tmg

like internal is 172.17.0.X
now allow whole 172.17.0.x on new rule

hope it helps
0
 

Author Closing Comment

by:GlennCameron
ID: 38799520
The Best Practise Analyser entries lead me to this: http://tmgblog.richardhicks.com/2011/05/11/forefront-tmg-2010-configuration-error-alert/

Adding routes for the VPN range resolved the spoofing issue.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 38800016
Excellent, good news. Thanks.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Forefront is the brand name for Microsoft's major security product. Forefront covers a number of specific security areas and has 'swallowed' a number of applications under this umbrella including Antigen, ISA Server, the Integrated Access Gateway (t…
So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
In this video, Percona Solutions Engineer Barrett Chambers discusses some of the basic syntax differences between MySQL and MongoDB. To learn more check out our webinar on MongoDB administration for MySQL DBA: https://www.percona.com/resources/we…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question