Solved

Threat Management Gateway (TMG) 2010 is getting Event ID 21265

Posted on 2014-10-16
Last Modified: 2014-10-29
We are not able to pass traffic from one of our internal networks to another.

To be simple about our topology, TMG controls the 10.30.x.x networks and our other network on a Sonicwall is 10.0.0.x.

The internal network adapter on TMG is called bridge but we got an error in the event log talking about the 10.0.0.x network on the external WAN adapter.

----------------------------------------
The routing table for the network adapter TMG - WAN includes IP address ranges that are not defined in the array-level network External, to which it is bound. As a result, packets arriving at this network adapter from the IP address ranges listed below or sent to these IP address ranges via this network adapter will be dropped as spoofed. To resolve this issue, add the missing IP address ranges to the array network. The following IP address ranges will be dropped as spoofed: 705 - Bridge:10.0.0.0-10.0.1.255,10.10.0.0-10.10.0.255,10.10.4.0-10.10.4.255,10.10.10.0-10.10.10.127,
----------------------------------------

We're not sure if this is causing the issue but we can't have both networks mentioned above pass traffic between each other. All firewall rules on both ends have not changed and allow full access.


Troubleshooting:
I verified that the networks we need to talk are listed under the Network Topology and Active Routes.
I can ping from the TMG to the Sonicwall.
I can ping from the Sonicwall to the TMG.
I can ping from the Sonicwall to anything on the other side of the TMG.
I CAN'T ping from the TMG to anything beyond the Sonicwall.

I know that makes it sound like the Sonicwall is the issue, but we have not found any errors on anything except the error mentioned above in the TMG.
Question by:Paul Wagner
Accepted Solution

by: Bembi
ID: 40400785
Check the NIC settings in TMG (settings for NICs should be done via TMG, not on the NIC itself), such as the network mask on the NIC, and whether there are overlapping masks. As you have a 10.0.x.x and a 10.30.x.x network, I would assume a mask of 255.255.0.0.
As the error message is also talking about other subnet ranges, it looks like the mask is wrong.

Make sure that the definitions under the network tab fit the address ranges covered by the corresponding NIC mask.

I.e., if you have a NIC 10.30.0.1 with mask 255.255.0.0, the corresponding network range in the network definition is 10.30.0.0 to 10.30.255.255.
Author Comment

by:Paul Wagner
ID: 40411911
That was it. The NIC has a different subnet than what is scoped in the network definition.
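The comparison from the accepted answer, written out as an added example that is not part of the original thread: given an adapter's address and mask, the routes that leave through that adapter, and the ranges entered in the TMG network definition (all transcribed by hand), it lists the ranges the definition is missing, which are the ones the Event ID 21265 text says will be dropped as spoofed. The function names and the sample values are constructed for illustration.

```python
import ipaddress

def cidr_span(cidr):
    """'10.30.0.1/16' -> inclusive (first, last) integers of the whole subnet."""
    net = ipaddress.ip_network(cidr, strict=False)
    return int(net.network_address), int(net.broadcast_address)

def merge(spans):
    """Sort spans and join the ones that overlap or touch."""
    out = []
    for lo, hi in sorted(spans):
        if out and lo <= out[-1][1] + 1:
            out[-1] = (out[-1][0], max(out[-1][1], hi))
        else:
            out.append((lo, hi))
    return out

def subtract(spans, covered):
    """Parts of `spans` that no span in `covered` accounts for, as 'a-b' strings."""
    gaps = []
    for lo, hi in merge(spans):
        cur = lo
        for c_lo, c_hi in merge(covered):
            if c_hi < cur or c_lo > hi:
                continue              # this covered span does not touch [cur, hi]
            if c_lo > cur:
                gaps.append((cur, c_lo - 1))
            cur = c_hi + 1
        if cur <= hi:
            gaps.append((cur, hi))
    return [f"{ipaddress.ip_address(a)}-{ipaddress.ip_address(b)}" for a, b in gaps]

def audit_adapter(nic_cidr, routes, defined_ranges):
    """Compare what the adapter routes with what its TMG network defines."""
    routed = [cidr_span(nic_cidr)] + [cidr_span(r) for r in routes]
    defined = [(int(ipaddress.ip_address(s)), int(ipaddress.ip_address(e)))
               for s, e in defined_ranges]
    return {"missing_from_definition": subtract(routed, defined),
            "defined_but_not_routed": subtract(defined, routed)}

if __name__ == "__main__":
    # Constructed sample: the NIC carries a /16 mask and one static route,
    # but the network definition was entered as if the NIC were a /24.
    report = audit_adapter("10.30.0.1/16", ["10.0.0.0/23"],
                           [("10.30.0.0", "10.30.0.255")])
    for key, ranges in report.items():
        print(key, ranges or "none")
```

An empty `missing_from_definition` list means every address the adapter routes is covered by the network definition; a non-empty `defined_but_not_routed` list points at a definition wider than the NIC mask.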