Real issue this time... I promise....

We pass PPTP to a machine behind the firewall.  Most users set up their
VPN connection using the default setting of "Use default gateway on
remote network."  When these users are connected, all of their traffic
to the internet will attempt to go out the Gnatbox.  That's pretty
standard stuff.  The problem here lies in the fact that the Gnatbox is
seeing their internet IP as the source of this outbound traffic, instead
of seeing their internal network IP.  The result is tons of spoof alarms
in the log.  An example alarm follows:

          DATE: Wed 2002-02-20 08:26:57 CST
     INTERFACE: PROTECTED (fxp0)
INTERFACE TYPE: Protected
    ALARM TYPE: Possible spoof
     IP PACKET: TCP  [24.27.81.20/1284]-->[24.27.1.29/80]  l=0 f=0x4


Is this a bug in Gnatbox?  I know many of you would say "just change the
setting" but we are dealing with a user education issue in that digging
6 levels deep into connection settings is too much for most of them to
handle.  I don't recall seeing this in the past with older versions, but
I've seen it with 3.2.2, 3.2.3, and 3.2.4.  Anyone have any idea why the
firewall is seeing their Inet IPs?

Chris Green
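
For triaging a log full of these, the following added example (not part of the original post, and not GNAT Box code) parses alarm records in the format shown above and counts "Possible spoof" alarms per source address that falls outside the protected network. The protected subnet 192.168.1.0/24 and the second sample record are assumptions made up for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed protected subnet (hypothetical; the post does not state it).
PROTECTED_NET = ipaddress.ip_network("192.168.1.0/24")

# Constructed sample: the first record is the alarm quoted in the post, the
# second is made up to show a source that does belong to the protected net.
SAMPLE_LOG = """\
          DATE: Wed 2002-02-20 08:26:57 CST
     INTERFACE: PROTECTED (fxp0)
INTERFACE TYPE: Protected
    ALARM TYPE: Possible spoof
     IP PACKET: TCP  [24.27.81.20/1284]-->[24.27.1.29/80]  l=0 f=0x4

          DATE: Wed 2002-02-20 08:27:03 CST
     INTERFACE: PROTECTED (fxp0)
INTERFACE TYPE: Protected
    ALARM TYPE: Possible spoof
     IP PACKET: TCP  [192.168.1.50/1300]-->[24.27.1.29/80]  l=0 f=0x4
"""

# proto [src/sport]-->[dst/dport]; the trailing l= and f= fields are ignored.
PACKET_RE = re.compile(r"(\w+)\s+\[([\d.]+)/(\d+)\]-->\[([\d.]+)/(\d+)\]")

def parse_alarms(text):
    """Split the log on blank lines and return one dict per alarm record."""
    alarms = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")  # first colon ends the label
            fields[key.strip()] = value.strip()
        m = PACKET_RE.search(fields.get("IP PACKET", ""))
        if m:
            fields.update(zip(("proto", "src", "sport", "dst", "dport"), m.groups()))
            alarms.append(fields)
    return alarms

def foreign_sources(alarms, interface_type="Protected", net=PROTECTED_NET):
    """Count spoof alarms per source address that lies outside `net`."""
    counts = Counter()
    for a in alarms:
        if (a.get("ALARM TYPE") == "Possible spoof"
                and a.get("INTERFACE TYPE") == interface_type
                and ipaddress.ip_address(a["src"]) not in net):
            counts[a["src"]] += 1
    return counts
```

Matching the resulting source addresses against the PPTP server's connection records would show which alarms coincide with connected VPN clients.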
