This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

When in IPSec L2TP connection Spoof Warning!

Dear All,

has anyone any idea about the following?

When accessing the internal network thru a VPN connection (L2TP from windows) I get connected succesfully, I can ping and do everything...

But if I try to access an address on the internal net as following :

https://192.168.10.1:5000

In the packet filter I get DROP: SPOOF MAC >

And I get no connection.

If then I disable spoof protection in the ADVANCED tab of the packet filter, it works fine.

Any idea?

Thank you in advance!
Dave

Some info:
VPN pool : 10.10.10.0
Internal : 192.168.10.0

This thread was automatically locked due to age.

0 NimmdirKeks over 19 years ago

Strange.
Do you route into internal network, or do you have a masq rule to hide the VPN pool?
Like from vpn-pool to internal-net masq on internal-interface?
Cancel
Vote Up 0 Vote Down

Cancel
0 ^-^Neko over 19 years ago in reply to NimmdirKeks

Hi,

I've setup both:

- Masquerading IPSec-Pool -> Internal-Interface
- Firewall Rule "ALLOW" IPSec-Pool -> Internal_network
(service ANY)

From the IPSec-Pool...is it correct to set a masquerading for accessing the internal network devices?

Thank you!

Dave
Cancel
Vote Up 0 Vote Down

Cancel
0 VelvetFog over 19 years ago in reply to ^-^Neko

[ QUOTE ]

- Masquerading IPSec-Pool -> Internal-Interface
- Firewall Rule "ALLOW" IPSec-Pool -> Internal_network
(service ANY)

From the IPSec-Pool...is it correct to set a masquerading for accessing the internal network devices?

[/ QUOTE ]You should masquerade your IPsec-Pool address range behind the WAN interface, if you want general Internet access while connected via a VPN. Masquerading the IPsec-Pool addresses behind the Internal interface is not necessary.
Cancel
Vote Up 0 Vote Down

Cancel