Threat Management Gateway (TMG) 2010 is getting Event ID 21265

We are not able to pass traffic from one of our internal networks to another.

To be simple about our topology, TMG controls the 10.30.x.x networks and our other network on a Sonicwall is 10.0.0.x.

The internal network adapter on TMG is called bridge, but we got an error in the event log talking about the 10.0.0.x network on the external WAN adapter.

----------------------------------------
The routing table for the network adapter TMG - WAN includes IP address ranges that are not defined in the array-level network External, to which it is bound. As a result, packets arriving at this network adapter from the IP address ranges listed below or sent to these IP address ranges via this network adapter will be dropped as spoofed. To resolve this issue, add the missing IP address ranges to the array network. The following IP address ranges will be dropped as spoofed: 705 - Bridge:10.0.0.0-10.0.1.255,10.10.0.0-10.10.0.255,10.10.4.0-10.10.4.255,10.10.10.0-10.10.10.127,
----------------------------------------

We're not sure if this is causing the issue but we can't have both networks mentioned above pass traffic between each other. All firewall rules on both ends have not changed and allow full access.


Troubleshooting:
I verified that the networks we need to talk are listed under the Network Topology and Active Routes.
I can ping from the TMG to the Sonicwall.
I can ping from the Sonicwall to the TMG.
I can ping from the Sonicwall to anything on the other side of the TMG.
I CAN'T ping from the TMG to anything beyond the Sonicwall.

I know that makes it sound like the Sonicwall is the issue, but we have not found any errors on anything except the error mentioned above in the TMG.
Asked by: Paul Wagner

1 Solution

Bembi (CEO) commented:
Check the NIC settings in TMG (settings for NICs should be done via TMG, not on the NIC itself), such as the network mask on the NIC, to see if there are mask overlaps. As you have a 10.0.x.x and a 10.30.x.x network, I would assume a mask of 255.255.0.0.
As the error message is also talking about other subnet ranges, it looks like the mask is wrong.

Make sure that the definitions under the network tab fit the address ranges covered by the corresponding NIC mask.

I.e., if you have a NIC 10.30.0.1 with mask 255.255.0.0, the corresponding network range in the network definition is 10.30.0.0 to 10.30.255.255.
 
Paul Wagner (Friend To Robots and Rocks, Author) commented:
That was it. The NIC has a different subnet than what is scoped in the network definition.
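
The check described in the accepted answer, as an added example that is not part of the original thread and not TMG's own logic: it derives the range a NIC's IP and mask imply, adds any routed ranges (in the `a-b,c-d` format of the event text), and reports what the network definition fails to cover. The function names and the sample network definitions are assumptions constructed for illustration.

```python
import ipaddress as ipa

def nic_range(ip, mask):
    """First and last address of the subnet implied by a NIC's IP and mask."""
    net = ipa.ip_network(f"{ip}/{mask}", strict=False)
    return net[0], net[-1]

def parse_ranges(text):
    """Parse 'a-b,c-d' (format used in the event text) into sorted int pairs."""
    out = []
    for part in filter(None, (p.strip() for p in text.split(","))):
        lo, hi = part.split("-")
        out.append((int(ipa.ip_address(lo)), int(ipa.ip_address(hi))))
    return sorted(out)

def uncovered(required, defined):
    """Return the parts of `required` that no range in `defined` covers."""
    gaps = []
    for lo, hi in required:
        cur = lo
        for d_lo, d_hi in sorted(defined):
            if d_hi < cur or d_lo > hi:
                continue              # no overlap with what is left to cover
            if d_lo > cur:
                gaps.append((cur, d_lo - 1))
            cur = max(cur, d_hi + 1)
            if cur > hi:
                break
        if cur <= hi:
            gaps.append((cur, hi))
    return [f"{ipa.ip_address(a)}-{ipa.ip_address(b)}" for a, b in gaps]

def check_adapter(nic_ip, nic_mask, routed_text, defined_text):
    """Ranges reachable via the adapter that the network definition omits."""
    first, last = nic_range(nic_ip, nic_mask)
    required = [(int(first), int(last))] + parse_ranges(routed_text)
    return uncovered(required, parse_ranges(defined_text))

if __name__ == "__main__":
    # NIC values from the answer; the /24-sized definition is constructed.
    print(check_adapter("10.30.0.1", "255.255.0.0", "", "10.30.0.0-10.30.0.255"))
    # Routed ranges copied from the event text; the definition is constructed.
    event = ("10.0.0.0-10.0.1.255,10.10.0.0-10.10.0.255,"
             "10.10.4.0-10.10.4.255,10.10.10.0-10.10.10.127,")
    print(uncovered(parse_ranges(event), parse_ranges("10.0.0.0-10.0.0.255")))
```

An empty result means the definition covers everything the adapter's mask and routes imply; any range returned is a candidate for the "dropped as spoofed" list in Event ID 21265.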