Welcome to ISAserver.org

Spoofing Packet Dropped

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [ISA Server 2004 Firewall] >> Network Infrastructure >> Spoofing Packet Dropped

Page: [1]

Message

<< Older Topic Newer Topic >>

Spoofing Packet Dropped - 9.Mar.2005 11:06:00 PM

enricoklein

Posts: 49
Joined: 8.Mar.2005
From: netherlands
Status: offline

Hi,

we have a routing problem in our ISA server test setup. We have a Checkpoint FW1 as our Front-End/DMZ Firewall and a ISA 2004 Ent. server on one of the segments. Below a simple diagram of the network.

we have defined the following networks:

Internal: 10.100.3.0 - 10.100.3.255
Vertis: 147.65.0.0 - 147.65.255.255

And the following network rules:

Internet Access: Internal --> external - route
Vertis Access: Vertis --> Internal - route (147.65.x.x --> 10.100.3.x)

when I try to connect from SrvB (147.65.20.75) to SrvA (10.100.3.33) the ISA server logging states the connection was denied with a result code of "0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED"

When I replace the address range of 147.65.x.x in the network rule with 10.100.10.x (which is the range used in between the ISA and the Checkpoint) the connection is succesfull.
However this would defeat the use of defining different network segments, wouldn't it? Which gives us almost no control over the incoming traffic.

Any way of getting around this? Maybe disabling the spoof detection?

Kindly awaiting your replies "[Big