IP Spoof?
I recently connected a Gen7 NSa-2700 to a Gen6-2600 using a VPN tunnel interface with OSPFv2 routing on it. This has been done using TZ series devices with no problem. Recently I had the customer start telling me that they are seeing 1-2 minute traffic drops randomly, and in the logs on the 2700 I see that the 2600 dropped and wasn't responding to the reconnect. In the 2600 I am seeing IPS blocking packets from the WAN IP of the 2700 saying that it's an IP Spoof. I have gone through so many articles and sites and the only thing I can find about this is a reference to the dual AWS connections and enabling Asymmetric Route Support.
Answers
Have you considered adding an exception to IPS for the NSA2700's WAN IP address?
I just did and the Spoof alerts are still there. The interesting thing I am seeing is that the WAN IP of the 2700 shows its source interface to be X1 on the 2600 with a destination of X1 on the 2600. The 2600 is in a HA cluster. Could this be the source of the problem? Could traffic somehow be routing from one to the other in the cluster causing this to happen?
Means the source IP address of the traffic is not in the routing table, whether that is due to OSPF timeouts or something else?
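As an added example (not from this thread or from SonicWall), a simplified model of the reverse-path check that produces an IP Spoof drop: a packet's source must be routable back out of the interface it arrived on, so when an OSPF-learned route ages out, traffic that is still arriving over the tunnel gets flagged. The interface names, prefixes and addresses are constructed assumptions.

```python
import ipaddress

# Constructed routing table for the hub side: (prefix, egress interface).
# The 10.10.0.0/16 entry stands in for a hypothetical OSPF-learned route
# over the VPN tunnel interface; the others are static.
ROUTES = [
    ("0.0.0.0/0", "X1"),            # default route via the WAN
    ("192.0.2.0/24", "X1"),         # WAN subnet (documentation range)
    ("10.10.0.0/16", "TunnelIf"),   # remote LAN learned via OSPF (assumed)
]

def lookup(routes, dst):
    """Longest-prefix match; returns the egress interface or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def is_spoof(routes, src_ip, ingress_iface):
    """Reverse-path check: flag the packet if the route back to its
    source does not point at the interface it was received on."""
    return lookup(routes, src_ip) != ingress_iface

def with_route_withdrawn(routes, prefix):
    """Simulate an OSPF adjacency timeout: the learned prefix drops out."""
    return [r for r in routes if r[0] != prefix]

if __name__ == "__main__":
    # Remote LAN host arriving over the tunnel while the route is present: fine.
    print(is_spoof(ROUTES, "10.10.5.7", "TunnelIf"))
    # Same source after the OSPF route ages out: now resolves via X1, flagged.
    aged = with_route_withdrawn(ROUTES, "10.10.0.0/16")
    print(is_spoof(aged, "10.10.5.7", "TunnelIf"))
```

The second case is the one to look for when spoof drops line up with OSPF dead-interval expiry: the packets are legitimate, but the route that made them reverse-path valid is gone.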