Solved

Threat Management Gateway (TMG) 2010 is getting Event ID 21265

Posted on 2014-10-16
Last Modified: 2014-10-29
We are not able to pass traffic from one of our internal networks to another.

To be simple about our topology, TMG controls the 10.30.x.x networks and our other network on a Sonicwall is 10.0.0.x.

The internal network adapter on TMG is called bridge but we got an error in the event log talking about the 10.0.0.x network on the external WAN adapter.

----------------------------------------
The routing table for the network adapter TMG - WAN includes IP address ranges that are not defined in the array-level network External, to which it is bound. As a result, packets arriving at this network adapter from the IP address ranges listed below or sent to these IP address ranges via this network adapter will be dropped as spoofed. To resolve this issue, add the missing IP address ranges to the array network. The following IP address ranges will be dropped as spoofed: 705 - Bridge:10.0.0.0-10.0.1.255,10.10.0.0-10.10.0.255,10.10.4.0-10.10.4.255,10.10.10.0-10.10.10.127,
----------------------------------------

We're not sure if this is causing the issue but we can't have both networks mentioned above pass traffic between each other. All firewall rules on both ends have not changed and allow full access.


Troubleshooting:
I verified that the networks we need to talk are listed under the Network Topology and Active Routes.
I can ping from the TMG to the Sonicwall.
I can ping from the Sonicwall to the TMG.
I can ping from the Sonicwall to anything on the other side of the TMG.
I CAN'T ping from the TMG to anything beyond the Sonicwall.

I know that makes it sound like the Sonicwall is the issue, but we have not found any errors on anything except the error mentioned above in the TMG.
Question by:Paul Wagner

Accepted Solution

by:
Bembi earned 500 total points
ID: 40400785
Check the NIC settings in TMG (settings for NICs should be done via TMG, not on the NIC itself), such as the network mask on the NIC, in case there are overlapping masks. As you have a 10.0.x.x and a 10.30.x.x network, I would assume a mask of 255.255.0.0.
As the error message also talks about other subnet ranges, it looks like the mask is wrong.

Make sure that the definitions under the network tab fit the address ranges covered by the corresponding NIC mask.

I.e. if you have a NIC 10.30.0.1 with mask 255.255.0.0, the corresponding network range in the network definition is 10.30.0.0 to 10.30.255.255.
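The check described in the accepted answer, as an added example that is not part of the original thread: it derives the address range from a NIC's IP and mask and compares it with the ranges entered in the network definition. The function names and the mismatched sample are constructed; the `start-end,start-end` range syntax follows the event text quoted in the question.

```python
import ipaddress

def parse_ranges(text):
    """Parse 'start-end,start-end' (the syntax in the event text) into sorted int pairs."""
    ranges = []
    for part in filter(None, (p.strip() for p in text.split(","))):
        start, end = (int(ipaddress.IPv4Address(a.strip())) for a in part.split("-"))
        if start > end:
            raise ValueError(f"range start is after range end: {part}")
        ranges.append((start, end))
    return sorted(ranges)

def subtract(wanted, have):
    """Return the parts of the `wanted` ranges that no `have` range covers."""
    missing = []
    for start, end in wanted:
        cursor = start
        for h_start, h_end in sorted(have):
            if h_end < cursor or h_start > end:
                continue                      # no overlap with what is left
            if h_start > cursor:
                missing.append((cursor, h_start - 1))
            cursor = max(cursor, h_end + 1)
        if cursor <= end:
            missing.append((cursor, end))
    return missing

def fmt(ranges):
    return [f"{ipaddress.IPv4Address(s)}-{ipaddress.IPv4Address(e)}" for s, e in ranges]

def compare(nic_ip, nic_mask, definition):
    """Compare the range implied by the NIC mask with the network definition."""
    net = ipaddress.ip_interface(f"{nic_ip}/{nic_mask}").network
    nic = [(int(net.network_address), int(net.broadcast_address))]
    defined = parse_ranges(definition)
    return {
        "nic_range": fmt(nic)[0],
        "missing_from_definition": fmt(subtract(nic, defined)),
        "outside_nic_subnet": fmt(subtract(defined, nic)),
    }

if __name__ == "__main__":
    # The answer's example: NIC 10.30.0.1 / 255.255.0.0 against 10.30.0.0-10.30.255.255
    print(compare("10.30.0.1", "255.255.0.0", "10.30.0.0-10.30.255.255"))
    # Constructed mismatch: same definition, but the NIC carries a /24 mask
    print(compare("10.30.0.1", "255.255.255.0", "10.30.0.0-10.30.255.255"))
```

Both lists empty means the definition matches the NIC mask; any entry in either list is a range where the two disagree.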

Author Comment

by:Paul Wagner
ID: 40411911
That was it. The NIC has a different subnet than what is scoped in the network definition.