SSL VPN - IP spoof dropped from server to NetExtender client

SSA5505 Newbie ✭

Yesterday, with a brand new setup, we did have connectivity to two servers for a short time. After an hour when this was working, one of the servers did not respond. Then eventually both stopped responding. In the system logs I get an error logged that the source (server) dropped going to the IP of my SSLVPN client address.

One thing that does stand out. We have two interfaces & two subnets. Port X0 is the regular LAN (192.168.0.0/24) and port X5 is the 2nd (192.168.1.0/24). Connected to the SSLVPN I go to ping 192.168.0.5, and this gets logged:

Event: IP Spoof Detected
Message: IP spoof dropped
Source IP: 192.168.0.6
Source Interface: X0

Destination IP: 192.168.0.220
Destination Interface: X5
Source Zone: LAN
Destination Zone: SSLVPN

Now, somewhat frustratingly, the SonicWall is connected to both LANs, and the servers in question connect to both LANs (though the interface for the 192.168.1.0 subnet does not use a gateway). We have a similar setup several times using SonicWall to connect to a Windows server that has dual LAN interfaces. One thing is I did not set up this TZ firewall; I only came in afterwards, during project startup.

One area of confusion, our ports are configured as:

X0: LAN\192.168.1.0/24

X5: HM\192.168.0.0/24

So I do not see why the source interface listed above would be X0 and not X5. I am essentially pinging from my laptop using the NetExtender client to the server at the site. My NE client does get the routes to both subnets.
