http://www.ISAserver.org
-------------------------------------------------------

Unless you're using DHCP to assign VPN client addresses :)

Thomas W. Shinder, M.D., MCSE || Sr. Consultant / Technical Writer
shinder@xxxxxxxxxxxxxxxxxxxxx || www.prowessconsulting.com
Mobile: Pending || Phone: Pending || Fax (206) 443.1119
Blog: http://blogs.isaserver.org/shinder || Books: http://tinyurl.com/2gpoo8
PROWESS CONSULTING || documentation || integration || virtualization

> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Harrison
> Sent: Tuesday, August 12, 2008 12:23 AM
> To: isalist@xxxxxxxxxxxxx
> Subject: [isalist] Re: Spoofing - ISA 2006 SP1
>
> Don't use the same network range for VPN and internal networks.
> This isn't new since SP1.
>
> -----Original Message-----
> From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Raji Arulambalam
> Sent: Monday, August 11, 2008 10:17 PM
> To: [ISAserver Discussion List]
> Subject: [isalist] Spoofing - ISA 2006 SP1
>
> Hi
> I am getting these messages since applying SP1.
> This is for incoming VPN connections that get their IP# assigned from DHCP
> from the internal network.
> The ISA servers' internal network addresses are also 172.16.90.0/24
>
> How do I fix this? Would I exclude this IP# range from the internal network
> addresses?
>
> Cheers
> Raji
>
> ......
> Description: ISA Server detected a spoof attack from Internet Protocol (IP)
> address 172.16.90.4. A spoof attack occurs when an IP address that is not
> reachable via the interface on which the packet was received. If logging for
> dropped packets is set, you can view details in the firewall log.
>
> Description: ISA Server detected routes through the network adapter Internal
> NIC 172 net that do not correlate with the network to which this network
> adapter belongs. When networks are configured correctly, the IP address
> ranges included in each array-level network must include all IP addresses
> that are routable through its network adapters according to their routing
> tables. Otherwise valid packets may be dropped as spoofed. The following
> ranges are included in the network's IP address ranges but are not routable
> through any of the network's adapters: 172.16.90.4-172.16.90.4;. Note that
> this event may be generated once after you add a route, create a remote site
> network, or configure Network Load Balancing and may be safely ignored if it
> does not re-occur.
>
> The routing table for the network adapter Internal includes IP address ranges
> that are not defined in the array-level network VPN Clients, to which it is
> bound. As a result, packets arriving at this network adapter from the IP
> address ranges listed below or sent to these IP address ranges via this
> network adapter will be dropped as spoofed. To resolve this issue, add the
> missing IP address ranges to the array network.
> The following IP address ranges will be dropped as spoofed:
> Internal:172.16.90.4-172.16.90.4;
> ''''''
>
> Email disclaimer: This email and any attachments are confidential. If you are
> not the intended recipient, do not copy, disclose or use the contents in any
> way. If you receive this message in error, please let us know by return email
> and then destroy the message. Environment Bay of Plenty is not responsible
> for any changes made to this message and/or any attachments after sending.
> ******************************************************
> This e-mail has been checked for viruses and none.
------------------------------------------------------
List Archives: //www.freelists.org/archives/isalist/
ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
ISA Server Articles and Tutorials: http://www.isaserver.org/articles_tutorials/
ISA Server Blogs: http://blogs.isaserver.org/
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
To unsubscribe visit http://www.isaserver.org/pages/isalist.asp
Report abuse to listadmin@xxxxxxxxxxxxx
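
Added example (not part of the original thread, and not ISA Server's own logic): a small Python model of the range comparison the quoted alerts describe, checking a network's defined address ranges against what its adapter can route, and checking whether a VPN address assignment overlaps the internal network. The 172.16.90.x values come from the thread; all function names are constructed for illustration, and carving the single address out of the Internal definition is an assumption used to reproduce the alert's output.

```python
import ipaddress

def to_intervals(specs):
    """Parse 'a.b.c.d/nn' or 'first-last' strings into merged (start, end) integer intervals."""
    spans = []
    for spec in specs:
        if "-" in spec:
            first, last = (int(ipaddress.IPv4Address(p.strip())) for p in spec.split("-"))
        else:
            net = ipaddress.IPv4Network(spec)
            first, last = int(net.network_address), int(net.broadcast_address)
        spans.append((first, last))
    merged = []
    for start, end in sorted(spans):
        if merged and start <= merged[-1][1] + 1:   # overlapping or adjacent
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged

def subtract(a, b):
    """Return the parts of intervals a that are not covered by intervals b."""
    out = []
    for start, end in a:
        cur = start
        for b_start, b_end in b:
            if b_end < cur or b_start > end:
                continue
            if b_start > cur:
                out.append((cur, b_start - 1))
            cur = b_end + 1
        if cur <= end:
            out.append((cur, end))
    return out

def fmt(intervals):  # render in the "first-last" form the alert text uses
    return [f"{ipaddress.IPv4Address(s)}-{ipaddress.IPv4Address(e)}" for s, e in intervals]

def check_network(defined, routable):
    """Compare a network's defined ranges with the ranges its adapter can route."""
    d, r = to_intervals(defined), to_intervals(routable)
    return {"defined_not_routable": fmt(subtract(d, r)),
            "routable_not_defined": fmt(subtract(r, d))}   # these would be dropped as spoofed

def overlap(net_a, net_b):
    """Addresses claimed by both networks, computed as a - (a - b)."""
    a, b = to_intervals(net_a), to_intervals(net_b)
    return fmt(subtract(a, subtract(a, b)))
```

With the thread's values, `overlap(["172.16.90.0/24"], ["172.16.90.4-172.16.90.4"])` reports the single shared address, and a VPN pool outside the internal range reports nothing.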