
message_info address spoofing


oedipian (IS-IT--Management), Sep 12, 2002
Hi all,

Here is the problem I have.

My firewall manages communication between 3 subnets. One of these subnets (the company's LAN) is connected via a router to a WAN.

My purpose is to allow a host in that WAN (but outside the LAN) to access a server located in another subnet (DMZ).

I have set up the proper rules to do so, but whenever this host tries to connect, communication is dropped and the log shows a message: "message_info address spoofing"

I have tried to perform NAT in order to go around it, but I don't know much about NAT so I don't know how to set it up.
Unfortunately, as I read the manual, I understood that anti-spoofing could not be disabled. Can't it really?

Thanks in advance for your precious advice.
 
The problem is that the IP address that you are starting from (WAN address) is not in the range of addresses known to the firewall for that LAN segment.
This can be achieved by creating a group object containing the local LAN and
the address of the host in the WAN (create new node)

Within the firewall object - topology
edit the interface specific to the local LAN
in the interface's own topology select internal - specific
and choose the new group object

(you will also notice that you can deactivate anti-spoofing from here but don't)
 
I just read my last post and I will now write it in English

The problem is that the IP address that you are starting from (WAN address) is not in the range of addresses known to the firewall for that LAN segment.

To let the firewall accept the WAN as part of that segment you need to add it to the firewall object's topology

1. create a group object containing a network object (local LAN) and a new node object (host IP address in the WAN)

2. open the firewall object
3. select topology and edit the interface specific to the local LAN
4. in the interface's own topology select internal - specific
and choose the new group object created in 1

(you will also notice that you can deactivate anti-spoofing from here but don't)


Hope this makes a little more sense
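
The topology check described in the reply above, as an added example that is not part of the original thread and is not vendor code: a simplified Python model of per-interface anti-spoofing, showing the drop before the group object is extended and the accept after. The interface names and all addresses are constructed assumptions; the thread gives none.

```python
import ipaddress

# Constructed sample addressing (assumption, not taken from the thread).
LAN_NET = ipaddress.ip_network("192.168.10.0/24")
DMZ_NET = ipaddress.ip_network("172.16.1.0/24")
WAN_HOST = ipaddress.ip_network("10.50.7.20/32")  # remote host reached via the LAN router


def build_topology(lan_group):
    """Map each internal interface (hypothetical names) to the networks behind it."""
    return {"eth_lan": list(lan_group), "eth_dmz": [DMZ_NET]}


def antispoof_check(topology, in_iface, src_ip, enabled=True):
    """Return 'accept' or 'address spoofing' for a packet entering in_iface.

    Simplified model: on an internal interface, the source address must
    belong to one of the networks defined behind that interface.
    """
    if not enabled:
        return "accept"  # check switched off: any source passes on any interface
    src = ipaddress.ip_address(src_ip)
    if any(src in net for net in topology[in_iface]):
        return "accept"
    return "address spoofing"


def demo():
    """Run the thread's scenario before and after the topology change."""
    before = build_topology([LAN_NET])            # interface knows only the LAN
    after = build_topology([LAN_NET, WAN_HOST])   # group object: LAN + one WAN node
    return {
        "wan_host_before": antispoof_check(before, "eth_lan", "10.50.7.20"),
        "wan_host_after": antispoof_check(after, "eth_lan", "10.50.7.20"),
        # A neighbouring WAN address is still rejected after the change.
        "other_wan_after": antispoof_check(after, "eth_lan", "10.50.7.21"),
        # A DMZ source arriving on the LAN interface is still rejected.
        "dmz_src_on_lan": antispoof_check(after, "eth_lan", "172.16.1.5"),
        # With the check disabled, that same DMZ source would pass.
        "dmz_src_disabled": antispoof_check(after, "eth_lan", "172.16.1.5", enabled=False),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

Adding only the single host to the group keeps the check effective for every other source address, which is what deactivating anti-spoofing on the interface would give up.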
 
Thank you very much, it seems to work now, as I can ping the WAN host from my firewall.

Best regards
 