• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Spoofing Packet Dropped - Denied Connection - Complex setup

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Access Policies >> Spoofing Packet Dropped - Denied Connection - Complex setup Page: [1]
Login
Message << Older Topic   Newer Topic >>
Spoofing Packet Dropped - Denied Connection - Complex s... - 2.Jul.2010 1:40:19 PM   
jwashburn

 

Posts: 102
Joined: 4.Sep.2001
Status: offline 		Here is the scenario. ISA 2006 server with external network 172.16.3.x internal network is 172.16.1.x. ISA is being used as reverse proxy for OCS 2007 R2 environment. It is NOT the gateway device for clients on the 172.16.1.x network.

Users on the 172.16.1.x network are having problem downloading Address books from OCS. In order to get the address book the Communicator client hits a URL which is pointing to the External interface of the ISA server. It works fine for external users of course because the are not inside the ISA

I looked at the logging in the ISA server and the reason is 0xc0040014 FWX_E_FWE_SPOOFING_PACKET_DROPPED

Log type: Firewall service
Status:
Rule:
Source: Internal (172.16.1.110:59410)
Destination: Local Host (172.16.3.150:443)
Protocol: HTTPS
User:


I understand why it thinks its spoofing because it an IP on the internal network hitting the external interface. I tried several variations of rules trying to allow the traffic without luck. I have even tried disabling spoof detection, but we still get the spoofing packet dropped messages.

Any ideas on how to make a rule that would work or to actaully get spoof detection turned off?
Post #: 1
RE: Spoofing Packet Dropped - Denied Connection - Compl... - 3.Jul.2010 6:26:16 PM   
aliyanisabrey

 

Posts: 99
Joined: 12.Feb.2009
Status: offline 		try out the link below:

http://support.microsoft.com/kb/838114

(in reply to jwashburn)
Post #: 2
RE: Spoofing Packet Dropped - Denied Connection - Compl... - 6.Jul.2010 10:26:34 AM   
jwashburn

 

Posts: 102
Joined: 4.Sep.2001
Status: offline 		Thanks for the link. I should have been more clear when I said we turned off spoof protection. Making the change outlined in the kb article doesnt seem to have done anything.

(in reply to aliyanisabrey)
Post #: 3
RE: Spoofing Packet Dropped - Denied Connection - Compl... - 9.Jul.2010 6:39:29 PM   
aliyanisabrey

 

Posts: 99
Joined: 12.Feb.2009
Status: offline 		feel sorry if doesnot help.. by the way.. I am not very clear about your scenario putting your ISA server as a reverse proxy. I thought, if configuring ISA server as reverse proxy, the ISA server itself was in DMZ network. am I correct?

(in reply to jwashburn)
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Access Policies >> Spoofing Packet Dropped - Denied Connection - Complex setup Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts