Hello. I have enabled VPN clients on my ISA Server and I also configured VPN site to site with our other office. Everything is working as expected except for some warning messages after a VPN client connection, for a configuration error and IP spoofing regarding the VPN client IP. Is it something I can safely ignore? Why does ISA consider this false? Below you can find the warning descriptions.
Description: ISA Server detected a spoof attack from Internet Protocol (IP) address 192.168.1.124. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the firewall log.
Description: ISA Server detected routes through the network adapter INTERNAL that do not correlate with the network to which this network adapter belongs. When networks are configured correctly, the IP address ranges included in each array-level network must include all IP addresses that are routable through its network adapters according to their routing tables. Otherwise valid packets may be dropped as spoofed. The following ranges are included in the network's IP address ranges but are not routable through any of the network's adapters: 192.168.1.124-192.168.1.124;. Note that this event may be generated once after you add a route, create a remote site network, or configure Network Load Balancing and may be safely ignored if it does not re-occur. The routing table for network adapter EntersoftBG includes IP address ranges that are not defined in the array network EntersoftBG to which it is bound. As a result, when packets go in/out via this network adapter and they are from/sent to the IP address ranges listed below they will be considered spoofed and will be dropped. To resolve this issue, add the missing IP address ranges to the array network. The following IP address ranges will be dropped as spoofed: Internal:192.168.1.124-192.168.1.124;
Description: ISA Server detected routes through the network adapter EXTERNAL that do not correlate with the network to which this network adapter belongs. When networks are configured correctly, the IP address ranges included in each array-level network must include all IP addresses that are routable through its network adapters according to their routing tables. Otherwise valid packets may be dropped as spoofed. The following ranges are included in the network's IP address ranges but are not routable through any of the network's adapters: 10.255.255.255-10.255.255.255;. Note that this event may be generated once after you add a route, create a remote site network, or configure Network Load Balancing and may be safely ignored if it does not re-occur.
Ignore it. There is a brief period of time between when the IP granted to the VPN User is dynamically switched from the Internal Network to the VPN Users Network. During that period this error can be logged.
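The consistency check that the warning text describes, modelled as an added example (not part of the thread and not ISA Server's own code): a network's defined ranges are compared with what its adapter can route, before and after the client address moves between networks. The /24 Internal range and the route lists are constructed assumptions; only 192.168.1.124 comes from the log above.

```python
import ipaddress as ipa

def to_nets(first, last):
    """Expand an inclusive first-last address range into CIDR blocks."""
    return list(ipa.summarize_address_range(ipa.ip_address(first),
                                            ipa.ip_address(last)))

def subtract(nets, holes):
    """Return the parts of `nets` that no network in `holes` covers."""
    result = list(nets)
    for hole in holes:
        remaining = []
        for net in result:
            if net.subnet_of(hole):
                continue                                    # fully covered
            if hole.subnet_of(net):
                remaining.extend(net.address_exclude(hole))  # carve it out
            else:
                remaining.append(net)                        # disjoint
        result = remaining
    return sorted(ipa.collapse_addresses(result))

def audit(defined, routable):
    """Both mismatch lists the warning reports for one network/adapter pair."""
    return {
        "defined_not_routable": subtract(defined, routable),
        "routable_not_defined": subtract(routable, defined),
    }

# Address from the warning; everything else below is constructed sample data.
VPN_CLIENT = ipa.ip_network("192.168.1.124/32")
INTERNAL_DEFINED = to_nets("192.168.1.0", "192.168.1.255")
ROUTES_BEFORE = [ipa.ip_network("192.168.1.0/24")]

# Client connects: its host route now points at the VPN interface, so the
# Internal adapter no longer routes .124, but the network still lists it.
ROUTES_DURING = subtract(ROUTES_BEFORE, [VPN_CLIENT])

# Shortly after: the address is moved out of the Internal network definition.
INTERNAL_AFTER = subtract(INTERNAL_DEFINED, [VPN_CLIENT])

if __name__ == "__main__":
    for label, defined, routes in (
        ("before connect", INTERNAL_DEFINED, ROUTES_BEFORE),
        ("transition window", INTERNAL_DEFINED, ROUTES_DURING),
        ("after switch", INTERNAL_AFTER, ROUTES_DURING),
    ):
        print(label, audit(defined, routes))
```

Only the transition window reports a mismatch, and it is the single client address; a mismatch that persists or covers a wider range points at a real network definition problem rather than this timing gap.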