Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1495
  • Last Modified:

Cisco VPN traffic identified as Spoofed in TMG

Hi,

We have 2 gateways, one using a Cisco IOS firewall and a MS TMG 2010.

I would like to allow traffic from the Cisco VPN through to the DMZ off the TMG, however the TMG is detecting the traffic as spoofed:

A packet was dropped because Forefront TMG determined that the source IP address is spoofed

The subnet for the VPN is 172.16.189.x, which is a completely different subnet to the internal network.

I have ensured the VPN traffic is being routed to the DMZ successfully, and added the VPN subnet to the Internal Network section under the Networks tab of Networking in TMG. I booted the server too, however the traffic is still being denied in the TMG logging.

I think I may have missed something in defining the network in TMG, but I cannot see where.
0
GlennCameron
Asked:
GlennCameron
1 Solution
 
Suliman Abu KharroubIT Consultant Commented:
0
 
Keith AlabasterEnterprise ArchitectCommented:
Generally speaking, spoofing is caused by omitting either the network id (for example the .0) or the broadcast address (the .255) from the network range in the TMG gui - networking tabs.

Run the best practice analyser which will normally pull it up as well. Exactly which ip addresses are being identified as spoofed? It will tell you in the monitoring - alerts tab if you have not recorded them.

Always better to fix something rather than just disable the alert message.
0
 
infoplateformCommented:
i thinks you should create a rule for your internal traffic to by pass tmg

like internal is 172.17.0.X
now allow whole 172.17.0.x on new rule

hope it helps
0
 
GlennCameronAuthor Commented:
The Best Practise Analyser entries lead me to this: http://tmgblog.richardhicks.com/2011/05/11/forefront-tmg-2010-configuration-error-alert/

Adding routes for the VPN range resolved the spoofing issue.
0
 
Keith AlabasterEnterprise ArchitectCommented:
Excellent, good news. Thanks.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now