Getting event ID: 15108 (spoof attack) after adding extra NIC to ISA 2000
- From: tim S <tim724342@xxxxxxxxx>
- To: isalist@xxxxxxxxxxxxx
- Date: Fri, 3 Dec 2004 10:08:04 -0800 (PST)
Here is my network setup:
Internet
|
|
Cisco Router
---------------------------------------------------------------------
|
|
|
|
| 192.168.0.0/16
|
ISA 2000 ----------------------------------------------------------Netscreen
VPN gateway box
| 10.10.10.1 (internal NIC)
|
Internal network (private)
The second external ISA NIC connecting netscreen:
IP: 192.168.0.1
Mask: 255.255.0.0
Gateway: <nothing>
DNS: <nothing>
Default Gateway is configured on the NIC that connects to CISCO router.
IP:203.x.x.x
mask:255.255.255.0
Gateway: 203.x.x.1
Netscreen interface connecting to ISA is 198.168.0.47
My LAT only has 10.10.10.1 - 10.10.10.254
I have a static route in ISA's routing table for the customer?s site as follows:
IP: 168.x.x.x <--> Mask: 255.255.255.255 <--> gateway: 192.168.0.47 <-->
Interface: 192.168.0.1
With this setup, I am getting the spoof attack warning in the event log. Went
over a KB article, but couldn't understand why this setup would be a problem.
Other than that, my VPN connection works fine.
Also, is it safe to assume that if I don't have the 192.168.0.1 - 192.168.0.254
range in LAT, ISA considers it as external network and applies all policies and
rules as any other traffic from internet connection? (Want to make sure that
it doesn't simply NAT)
Thanks for your help!
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
Other related posts:
- » Getting event ID: 15108 (spoof attack) after adding extra NIC to ISA 2000
