http://www.ISAserver.org ------------------------------------------------------- It's the way I always do it. Just ignore the spurious "spoofing" messages you see from time to time from the VPN clients. HTH, Tom Thomas W. Shinder, M.D., MCSE || Sr. Consultant / Technical Writer shinder@xxxxxxxxxxxxxxxxxxxxx || www.prowessconsulting.com Mobile: Pending || Phone: Pending || Fax (206) 443.1119 Blog: http://blogs.isaserver.org/shinder || Books: http://tinyurl.com/2gpoo8 PROWESS CONSULTING || documentation || integration || virtualization > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On > Behalf Of > Andy Haigh > Sent: Tuesday, August 12, 2008 8:22 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Spoofing - ISA 2006 SP1 > > http://www.ISAserver.org > ------------------------------------------------------- > > If this is not the way to set VPN clients up, why does ISA allow you to > use the internal DHCP to provide addresses? > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Jim Harrison > Sent: Tuesday, 12 August 2008 3:23 PM > To: isalist@xxxxxxxxxxxxx > Subject: [isalist] Re: Spoofing - ISA 2006 SP1 > > http://www.ISAserver.org > ------------------------------------------------------- > > Don't use the same network range for VPN and internal networks. > This isn't new since SP1. > > -----Original Message----- > From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] > On Behalf Of Raji Arulambalam > Sent: Monday, August 11, 2008 10:17 PM > To: [ISAserver Discussion List] > Subject: [isalist] Spoofing - ISA 2006 SP1 > > http://www.ISAserver.org > ------------------------------------------------------- > > Hi > I am getting these messages since applying SP1. > This is for incoming VPN connections that get their IP# assigned from > DHCP from the internal network. > The ISA servers' internal network addresses is also 172.16.90.0/24 > > How do I fix this? Would I exclude these ip# range from the internal > network addresses? > > Cheers > Raji > > > ...... > Description: ISA Server detected a spoof attack from Internet Protocol > (IP) address 172.16.90.4. A spoof attack occurs when an IP address that > is not reachable via the interface on which the packet was received. If > logging for dropped packets is set, you can view details in the firewall > log. > > Description: ISA Server detected routes through the network adapter > Internal NIC 172 net that do not correlate with the network to which > this network adapter belongs. When networks are configured correctly, > the IP address ranges included in each array-level network must include > all IP addresses that are routable through its network adapters > according to their routing tables. Otherwise valid packets may be > dropped as spoofed. The following ranges are included in the network's > IP address ranges but are not routable through any of the network's > adapters: 172.16.90.4-172.16.90.4;. Note that this event may be > generated once after you add a route, create a remote site network, or > configure Network Load Balancing and may be safely ignored if it does > not re-occur. > > The routing table for the network adapter Internal includes IP address > ranges that are not defined in the array-level network VPN Clients, to > which it is bound. As a result, packets arriving at this network adapter > from the IP address ranges listed below or sent to these IP address > ranges via this network adapter will be dropped as spoofed. To resolve > this issue, add the missing IP address ranges to the array network. > The following IP address ranges will be dropped as spoofed: > Internal:172.16.90.4-172.16.90.4; > '''''' > > Email disclaimer: This email and any attachments are confidential. If > you are not the intended recipient, do not copy, disclose or use the > contents in any way. If you receive this message in error, please let us > know by return email and then destroy the message. Environment Bay of > Plenty is not responsible for any changes made to this message and/or > any attachments after sending. > ****************************************************** > This e-mail has been checked for viruses and none. > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > > ------------------------------------------------------ > List Archives: //www.freelists.org/archives/isalist/ > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server Articles and Tutorials: > http://www.isaserver.org/articles_tutorials/ > ISA Server Blogs: http://blogs.isaserver.org/ > ------------------------------------------------------ > Visit TechGenix.com for more information about our other sites: > http://www.techgenix.com > ------------------------------------------------------ > To unsubscribe visit http://www.isaserver.org/pages/isalist.asp > Report abuse to listadmin@xxxxxxxxxxxxx > ------------------------------------------------------ List Archives: //www.freelists.org/archives/isalist/ ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/ ISA Server Blogs: http://blogs.isaserver.org/ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ To unsubscribe visit http://www.isaserver.org/pages/isalist.asp Report abuse to listadmin@xxxxxxxxxxxxx