Hi all, I am running Checkpoint Firewall-1 NG AI on a Sun (Solaris 9) box. One of our company guests wanted to VPN out from our office LAN to his office. My manager asked me to configure a different network for guests and allow only VPN ports to go out from the guest network port.

Our office LAN is 192.168.6.x. One of our Sun boxes has 2 network interfaces. The primary network interface is 192.168.6.32. I assigned 172.16.0.6 to the secondary interface and connected that to a hub. I also configured a DHCP server on the Sun box (172.16.0.1 to 172.16.0.254 range). If a PC or a laptop is connected to one of the hub ports, the PC or laptop will get an IP from the Sun box (DHCP server). Later I installed SunScreen firewall software on the Sun box.

Added an ARP entry on the Sun box:

    /usr/sbin/arp -s 192.168.6.30 00:03:ba:08:77:00 pub

(00:03:ba:08:77:00 is the external interface's Ethernet address on the Sun box.)

Our network diagram:

    HUB --> 172.16.0.6 --> SunScreen FW --> 192.168.6.32 --> Melb Router --> Sydney Router --> Checkpoint Firewall --> Internet

Allowed IKE/IPSEC and HTTP ports on both the SunScreen firewall box and the Checkpoint firewall box.

The guest did the following to VPN out:

1. Connected her laptop to the hub.
2. The DHCP server assigned 172.16.0.19 to the laptop.
3. The laptop can access the Internet without any problems.
4. She tried to VPN out using some VPN client (not Checkpoint SecuRemote).
5. She can't even authenticate.
6. I checked the logs; they say:

    Number: 81934
    Date: 15Feb2005
    Time: 12:00:00
    Product: VPN-1 & FireWall-1
    Interface: hme1
    Origin: proxy (192.168.1.1)
    Type: Alert
    Action: Drop
    Service: IKE (500)
    Source: 172.16.0.19
    Destination: 15.219.233.198
    Protocol: udp
    Source Port: IKE (500)
    Information: message_info: Address spoofing

    Number: 81961
    Date: 15Feb2005
    Time: 12:00:17
    Product: VPN-1 & FireWall-1
    Interface: hme1
    Origin: proxy (192.168.1.1)
    Type: Alert
    Action: Drop
    Service: 2967
    Source: 172.16.0.19
    Destination: 15.64.1.127
    Protocol: udp
    Source Port: 1029
    Information: message_info: Address spoofing

Why does it say address spoofing in the logs? Why does the FW drop the IKE traffic even though the IKE port is open? I am getting these error messages on the Checkpoint FW. Any help would be really appreciated.

Thanks,
Rajesh.
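Added illustration, not part of Rajesh's post and not Check Point code: a toy model of FireWall-1 interface anti-spoofing, run over the two log entries quoted above. In FireWall-1 each interface carries a topology (the networks expected behind it); a packet whose source address is not in its ingress interface's topology is logged as "Address spoofing" and dropped before the rule base is consulted, which is why an open IKE rule does not help. The model assumes the Check Point's internal interface hme1 was defined with only 192.168.6.0/24 behind it (the post does not say how the topology was set), assumes hme0 is the external interface, and uses 192.168.6.30 as a hypothetical hidden-NAT address for guests (the address the arp "pub" entry advertises; whether SunScreen actually NATs to it is not stated).

```python
"""Toy model of FireWall-1 interface anti-spoofing (added illustration, not
Check Point code). Each interface is given the set of networks that are
supposed to sit behind it; a packet whose source address is not in its
ingress interface's set is dropped as "Address spoofing", regardless of
what the rule base would otherwise allow for that service."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple

INTERNET = "internet"  # marker: "everything not declared behind another interface"


@dataclass(frozen=True)
class Packet:
    ingress_iface: str
    src: str
    dst: str
    service: str


# Assumed topology for the Check Point box in the post: hme1 faces the office
# LAN and (our assumption) was only told about 192.168.6.0/24; hme0 is external.
OFFICE_ONLY: Dict[str, List[str]] = {
    "hme1": ["192.168.6.0/24"],
    "hme0": [INTERNET],
}

# Same box with the guest segment declared behind the internal interface
# (an assumed change; the post does not say how the topology was defined).
WITH_GUEST_NET: Dict[str, List[str]] = {
    "hme1": ["192.168.6.0/24", "172.16.0.0/24"],
    "hme0": [INTERNET],
}


def _in_any(addr: ipaddress.IPv4Address, nets: List[str]) -> bool:
    """True if addr lies in any of the listed networks (INTERNET ignored)."""
    return any(addr in ipaddress.ip_network(n) for n in nets if n != INTERNET)


def is_spoofed(pkt: Packet, topology: Dict[str, List[str]]) -> bool:
    """True if the source address is not legitimate for the ingress interface."""
    src = ipaddress.ip_address(pkt.src)
    behind = topology[pkt.ingress_iface]
    if INTERNET in behind:
        # External interface: a packet is spoofed if its source claims to be
        # in a network declared behind any *other* interface.
        others = [n for iface, nets in topology.items()
                  if iface != pkt.ingress_iface for n in nets]
        return _in_any(src, others)
    return not _in_any(src, behind)


def verdict(pkt: Packet, topology: Dict[str, List[str]]) -> Tuple[str, str]:
    """Mimic the Action / message_info pair seen in the posted log."""
    if is_spoofed(pkt, topology):
        return ("Drop", "Address spoofing")
    return ("Accept", "source matches interface topology")


def verdicts(pkts: List[Packet], topology: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    return [verdict(p, topology) for p in pkts]


# The two drops from the post, reduced to the fields the check looks at.
POSTED_DROPS = [
    Packet("hme1", "172.16.0.19", "15.219.233.198", "IKE (500)"),
    Packet("hme1", "172.16.0.19", "15.64.1.127", "2967"),
]

if __name__ == "__main__":
    for label, topo in (("hme1 knows only 192.168.6.0/24", OFFICE_ONLY),
                        ("hme1 also knows 172.16.0.0/24", WITH_GUEST_NET)):
        print(label)
        for p, v in zip(POSTED_DROPS, verdicts(POSTED_DROPS, topo)):
            print(f"  {p.src} -> {p.dst} {p.service}: {v[0]} ({v[1]})")
    # Hypothetical alternative that leaves the Check Point topology alone: if
    # the SunScreen box hid guests behind 192.168.6.30, the source seen on
    # hme1 would already be inside the declared 192.168.6.0/24.
    nat = Packet("hme1", "192.168.6.30", "15.219.233.198", "IKE (500)")
    print("guest hidden behind 192.168.6.30:", verdict(nat, OFFICE_ONLY))
```

The model also shows the other direction the check protects: a packet arriving on the external interface with a 192.168.6.x or 172.16.0.x source is flagged too, which is the case anti-spoofing exists for. Whichever way the guest segment is made visible to the Check Point (declaring 172.16.0.0/24 behind hme1, or hiding it behind an address already in hme1's topology), the choice should be made deliberately rather than by simply loosening the topology to "any".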
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] and in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
