Solved

Threat Management Gateway (TMG) 2010 is getting Event ID 21265

Posted on 2014-10-16
2
716 Views
Last Modified: 2014-10-29
We are not able to pass traffic from one of our internal networks to another.

To be simple about our topology, TMG controls the 10.30.x.x networks and our other network on a Sonicwall is 10.0.0.x.

The internal network adapter on TMG is called bridge but we got an error in the event log talking about the 10.0.0.x network on the external WAN adapter.

----------------------------------------
The routing table for the network adapter TMG - WAN includes IP address ranges that are not defined in the array-level network External, to which it is bound. As a result, packets arriving at this network adapter from the IP address ranges listed below or sent to these IP address ranges via this network adapter will be dropped as spoofed. To resolve this issue, add the missing IP address ranges to the array network. The following IP address ranges will be dropped as spoofed: 705 - Bridge:10.0.0.0-10.0.1.255,10.10.0.0-10.10.0.255,10.10.4.0-10.10.4.255,10.10.10.0-10.10.10.127,
----------------------------------------

We're not sure if this is causing the issue but we can't have both networks mentioned above pass traffic between each other. All firewall rules on both ends have not changed and allow full access.


Troubleshooting:
I verified that the networks we need to talk are listed under the Network Topology and Active Routes.
I can ping from the TMG to the Sonicwall.
I can ping from the Sonicwall to the TMG.
I can ping from the Sonicwall to anything on the other side of the TMG.
I CAN'T ping from the TMG to anything beyond the Sonicwall.

I know that makes it sound like the Sonicwall is the issue, but we have not found any errors on anything except the error mentioned above in the TMG.
0
Comment
Question by:Paul Wagner
2 Comments
 
LVL 35

Accepted Solution

by:
Bembi earned 500 total points
ID: 40400785
Check the NIC settings in TMG (settings for NICs should be done via TMG, not on the NIC itself) as the network mask on the NIC, if there are mask overlappings. As you have a 10.0.x.x and a 10.30.x.x. network, I would assume as mask of 255.255.0.0.
As the error message is talking also about other subnet ranges, it looks like that the mask is wrong.

Make sure that the definitions under the network tab fits to the address ranges covered by the according NIC mask.

I.e. you have a NIC 10.30.0.1 with mask 255.255.0.0, the according network range in the network definition is 10.30.0.0 to 10.30.255.255.
0
 
LVL 4

Author Comment

by:Paul Wagner
ID: 40411911
That was it. The NIC has a different subnet than what is scoped in the network definition.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A few customers have recently asked my thoughts on Password Managers.  As Security is a big part of our industry I was initially very hesitant and sceptical about giving a program all of my secret passwords.  But as I was getting asked about them mo…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now