
Perimeter for OCS - Dropping packets as spoofed ? Split Subnet?

Perimeter for OCS - Dropping packets as spoofed ? Split... - 23.Mar.2010 6:06:02 PM
ashuman

 

Posts: 1
Joined: 23.Mar.2010
Status: offline
Hi,

I moved our datacenter and changed out IPs. Since then our OCS has been behaving badly. I think I know what this issue is, but I do not know how to solve it.

It runs fine for a few hours, and then ISA stops all traffic between external and DMZ. I believe I need to split my subnet to make this work, but we did not have to do so before. We only had 16 IPs before, and with the new ISP we have 32.

----------------------------------------------------
All IPs have been changed to protect the innocent :)
----------------------------------------------------

I get the dreaded alert on ISA:
================================
Description: The routing table for the network adapter 20MbpsBrst100 External includes IP address ranges that are not defined in the array-level network External, to which it is bound. As a result, packets arriving at this network adapter from the IP address ranges listed below or sent to these IP address ranges via this network adapter will be dropped as spoofed. To resolve this issue, add the missing IP address ranges to the array network.
The following IP address ranges will be dropped as spoofed:
226.9.6.64-226.9.6.65,226.9.6.76-226.9.6.78,226.9.6.95-226.9.6.95
===================================================================

IP Config:

Ip Range+ 226.9.6.64-95
Gateway 226.9.6.65
Broadcast 226.9.9.95
Subnet 255.255.255.224

External NIC
226.9.6.66 thru 75
226.9.6.69 thru 84
226.9.6.86 thru 94

DMZ Nic
226.9.6.85
no gateway
external DNS

NIC on OCS Server
226.9.6.76
226.9.6.77
226.9.6.78

ISA Firewall Network
DMZ =
226.9.6.76
226.9.6.77
226.9.6.78
226.9.6.95

Network rule
DMZ to external = Route
External to DMZ = Route


Do I need to split up the subnet, or can I make the route work without it? The 3 IPs I have on the OCS server need to be publicly routable. Everything works like a charm for a few hours, and then it drops.

Please help!
Post #: 1
RE: Perimeter for OCS - Dropping packets as spoofed ? S... - 8.Jun.2010 10:42:56 AM
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
quote:

----------------------------------------------------
All IPs have been changed to protect the innocent :)
----------------------------------------------------


Fake IP#s describe fake problems that invite fake solutions that may be influenced by fake mistakes in faking the fake numbers.

The addresses are public,...that means they are supposed to be public, meaning people are supposed to know what they are so that they can connect to them,...if they can't connect to them then it does no good for you to make your services available to the Internet if nobody knows how to get there.

LAN Addresses are RFC Private, meaning they don't work on the Internet and it also means that everyone else is using the same thing on their LAN,...so they aren't "secret" either,..so faking them does nothing useful either.

Bottom lines:
1. Need the real addresses to give an honest answer
2. Yes you probably need to split the subnet or use RFC Private Addresses on the DMZ.  But it is impossible to give authoritative answers on that with everything being faked.

_____________________________

Phillip Windell

(in reply to ashuman)
Post #: 2
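
The alert quoted in the first post is a set difference: the range the External adapter's routing table covers (the 255.255.255.224 subnet) minus the ranges defined for the ISA External network. The following is an added example, not ISA code and not from either poster, that reproduces the alert's list. It assumes the External network is defined as 226.9.6.66-75 and 226.9.6.79-94, which is inferred from the alert rather than stated in the thread; the function names are hypothetical.

```python
import ipaddress

# Values from the thread (already altered by the poster).
ADAPTER_SUBNET = "226.9.6.64/255.255.255.224"
DMZ_ADDRESSES = ["226.9.6.76", "226.9.6.77", "226.9.6.78", "226.9.6.95"]
# Assumption: External network definition inferred from the alert text.
EXTERNAL_ASSUMED = [("226.9.6.66", "226.9.6.75"), ("226.9.6.79", "226.9.6.94")]

def _n(addr):
    return int(ipaddress.IPv4Address(addr))

def missing_ranges(adapter_subnet, network_ranges):
    """Ranges inside the adapter's on-link subnet that the network
    definition does not cover; these are what the alert lists."""
    net = ipaddress.IPv4Network(adapter_subnet)
    cursor, last = int(net.network_address), int(net.broadcast_address)
    gaps = []
    for lo, hi in sorted((_n(a), _n(b)) for a, b in network_ranges):
        if hi < cursor or lo > last:
            continue  # already covered by an earlier range, or off-subnet
        if lo > cursor:
            gaps.append((cursor, lo - 1))
        cursor = hi + 1
    if cursor <= last:
        gaps.append((cursor, last))
    return [(str(ipaddress.IPv4Address(a)), str(ipaddress.IPv4Address(b)))
            for a, b in gaps]

def format_alert(gaps):
    """Render gaps in the comma-separated form the ISA alert uses."""
    return ",".join(f"{a}-{b}" for a, b in gaps)

def flagged(addresses, gaps):
    """Addresses that fall inside a range treated as spoofed."""
    return [x for x in addresses
            if any(_n(a) <= _n(x) <= _n(b) for a, b in gaps)]

if __name__ == "__main__":
    gaps = missing_ranges(ADAPTER_SUBNET, EXTERNAL_ASSUMED)
    print("Dropped as spoofed on External:", format_alert(gaps))
    # Every DMZ address sits inside the External adapter's own subnet,
    # so ISA sees it as on-link for External but not part of External.
    print("DMZ addresses in flagged ranges:", flagged(DMZ_ADDRESSES, gaps))
```

Because all four DMZ addresses fall inside the External adapter's subnet, the gap cannot be closed by adding them to External without overlapping the DMZ network, which is why the reply points to splitting the subnet or using RFC private addresses on the DMZ.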
