Re: [gb-users] alerts driving me batty.. please look

Wed, 20 Feb 2002 08:20:35 -0800 


Chris,

I think you need to tick check the configuration of the inbound tunnel for
the PPTP entry. Make sure that the "Hide source" box is ticked



|---------+--------------------------->
|         |           "Chris Green"   |
|         |           <cgreen@greenfam|
|         |           .org>           |
|         |                           |
|         |           20/02/2002 14:57|
|         |                           |
|---------+--------------------------->
  
>--------------------------------------------------------------------------------------------------------------------------------------------------|
  |                                                                                    
                                                              |
  |        To:      "Gnatbox" <[EMAIL PROTECTED]>                                       
                                                              |
  |        cc:                                                                         
                                                              |
  |        Subject: [gb-users] alerts driving me batty.. please look                   
                                                              |
  
>--------------------------------------------------------------------------------------------------------------------------------------------------|




real issue this time.. i promise....

We pas PPTP to a machine behind the firewall.  Most users setup their
VPN connection using the default setting of "Use default gateway on
remote network."  When these users are connected, all of their traffic
to the internet will attempt to go out the Gnatbox.  That's pretty
standard stuff.  The problem here lies in the fact that the Gnatbox is
seeing their internet IP as the source of this outbound traffic, instead
of seeing their internal network IP.  The result is tons of spoof alarms
in the log.  An example alarm follows:

          DATE: Wed 2002-02-20 08:26:57 CST
     INTERFACE: PROTECTED (fxp0)
INTERFACE TYPE: Protected
    ALARM TYPE: Possible spoof
     IP PACKET: TCP  [24.27.81.20/1284]-->[24.27.1.29/80]  l=0 f=0x4


Is this a bug in Gnatbox?  I know many of you would say "just change the
setting" but we are dealing with a user education issue in that digging
6 levels deep into connection settings is too much for most of them to
handle.  I don't recall seeing this in the past with older versions, but
I've seen it with 3.2.2, 3.2.3, and 3.2.4.  Anyone have any idea why the
firewall is seeing their Inet IP's?

Chris Green

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
To subscribe to the digest version first unsubscribe, then
 e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
To subscribe to the digest version first unsubscribe, then
 e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to