Welcome to ISAserver.org
spoofed IP to published websites

All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> spoofed IP to published websites
spoofed IP to published websites - 19.Dec.2010 6:54:27 PM   
mhewitson

 

Posts: 8
Joined: 9.Jan.2007
Status: offline
I have a TMG 3-NIC sitting behind an edge firewall. The edge firewall has a DMZ that I have the NIC2 (DMZ) interface plugged into.

NIC1 (External): 10.1.2.1
NIC2 (DMZ): 201.45.67.89
NIC3 (Internal): 192.168.0.1

Default route is going out NIC1 to the edge firewall.

I am getting packets determined as spoofed, as when external people try to access my web listeners on NIC2, it thinks the packets should be arriving via NIC1.

I have the following ISA networks defined:

External (built-in)
Internal (with all our internal networks defined)
Perimeter (with 201.45.67.0 - 201.45.67.255 defined)

Obviously I cannot add all these external internet networks to 'Perimeter' network, what am I missing?
TIA

< Message edited by mhewitson -- 20.Dec.2010 1:41:15 AM >
Post #: 1
RE: spoofed IP to published websites - 20.Dec.2010 11:07:07 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

If the packets come from one NIC (NIC2) and try to return using a different one (NIC1), ISA identifies it as a spoofed packet.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to mhewitson)
Post #: 2
RE: spoofed IP to published websites - 20.Dec.2010 3:28:38 PM   
mhewitson

 

Posts: 8
Joined: 9.Jan.2007
Status: offline
Hi Paul, thanks for responding.

Yes, I realise that. I guess what I need to know is how I should be configuring it so that I can publish websites via the DMZ interface. I could create an inbound NAT on the edge firewall to translate inbound external IPs to the interface that the NIC2 connects to. That would get around my problem, but I'm not sure if this is best practice.

Does anyone know where I can find documentation on configuring 3-leg ISA/TMG behind edge firewalls?

(in reply to paulo.oliveira)
Post #: 3
RE: spoofed IP to published websites - 20.Dec.2010 4:43:47 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

IMO, the best way to achieve it is to connect the TMG external NIC to your edge firewall DMZ NIC.

There are some articles on this website talking about ISA back-to-back configuration.

Regards,
Paulo Oliveira.

_____________________________

Microsoft Premier Field Engineer (PFE)
Blog: http://poliveirasilva.wordpress.com/
Twitter: https://twitter.com/poliveirasilva

(in reply to mhewitson)
Post #: 4
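A model of the reverse-path check Paulo describes, run over the topology from the first post. This is an added example, not code from the thread or from TMG itself. It assumes the check is "a packet is spoofed when the reply to its source address would leave on a NIC other than the one it arrived on", assumes a /16 for the internal range, and models Paulo's fix as putting the 201.45.67.x listener address on the NIC that also carries the default route.

```python
# Added example (not from the thread): a simplified model of the reverse-path
# spoof check ISA/TMG applies, run over the constructed topology from post #1.
import ipaddress
from typing import List, Tuple

Route = Tuple[str, str]  # (destination prefix, egress NIC); longest prefix wins

# Post #1 as stated: default route out NIC1 to the edge firewall, published
# listeners on NIC2. The /16 on the internal range is an assumption.
ORIGINAL_ROUTES: List[Route] = [
    ("192.168.0.0/16", "NIC3"),  # Internal network
    ("201.45.67.0/24", "NIC2"),  # Perimeter network as defined on the TMG
    ("0.0.0.0/0", "NIC1"),       # default route via the edge firewall
]

# Paulo's recommendation modelled as: the External NIC (NIC1) is plugged into
# the edge firewall's DMZ, so the 201.45.67.x listener address and the default
# route share one NIC (assumed simplification of the back-to-back layout).
FIXED_ROUTES: List[Route] = [
    ("192.168.0.0/16", "NIC3"),
    ("201.45.67.0/24", "NIC1"),
    ("0.0.0.0/0", "NIC1"),
]

def egress_interface(routes: List[Route], ip: str) -> str:
    """Longest-prefix-match lookup: which NIC would TMG use to reach ip."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    if best is None:
        raise LookupError(f"no route to {ip}")
    return best[1]

def is_spoofed(routes: List[Route], src_ip: str, arrived_on: str) -> bool:
    """Flag the packet if the reply to src_ip would leave on a different NIC."""
    return egress_interface(routes, src_ip) != arrived_on

def classify(routes: List[Route], packets: List[Tuple[str, str]]) -> dict:
    """Verdict per constructed inbound packet (source IP, arriving NIC)."""
    return {p: ("SPOOFED" if is_spoofed(routes, *p) else "ok") for p in packets}

if __name__ == "__main__":
    # Constructed: an Internet client (203.0.113.10) hitting the web listener.
    print("original:", classify(ORIGINAL_ROUTES, [("203.0.113.10", "NIC2"), ("201.45.67.50", "NIC2")]))
    print("fixed:   ", classify(FIXED_ROUTES, [("203.0.113.10", "NIC1"), ("201.45.67.50", "NIC1")]))
```

With the original routes the Internet client's packet on NIC2 is flagged because its reply would leave via NIC1, while a host inside 201.45.67.0/24 passes; with the listener moved onto the default-route NIC both pass.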
RE: spoofed IP to published websites - 22.Dec.2010 8:09:36 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Just make sure that the firewall is in the request/response path for the connections to the web sites.

You might need to make a TMG Firewall Network definition to support this, depending on the firewall's current NIC configuration.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to paulo.oliveira)
Post #: 5