  • VLANS and spoofing

    ISP router>>>>>Firewall (WatchGuard)>>>> Cisco 3750 switch (VESTAL)>>> connected to Core Switch 3750 (VTP)>>>> All other switches are connected to the CORE switch in a star config.
    I have VLAN trunking established on all switches. The default VLAN is 1 (10.100.0.1) and I created VLAN 5 (10.100.8.1).
    The core switch 3750 is in routing mode. All traffic on VLAN 1 can access the internet (http) no problem.
    I have added one port (for testing) to VLAN 5 and created a pool on my DHCP server (ip helper address on the core switch), and the laptop connected to this VLAN 5 receives IP address 10.100.8.10.
    Here is the problem: when trying to access a web site, I get spoofing. I can ping yahoo.com and receive replies; however, I cannot browse any websites.

    What am I doing incorrectly?
    Since the firewall is connected to VESTAL, should I have setup the VTP server on this switch?

  • #2
    Re: VLANS and spoofing

    "Here is the problem, When trying to access a web site, I get spoofing"
    What do you mean by this?
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)

    • #3
      Re: VLANS and spoofing

      The WatchGuard firewall log displays this message:

      2012-04-23 17:27:07 Deny 10.100.8.10 204.85.32.24 http/tcp 2075 80 1-Trusted 0-External ip spoofing sites 48 126 (Internal Policy) proc_id="firewall" rc="101" tcp_info="offset 7 S 1359405966 win 65535" Traffic

      • #4
        Re: VLANS and spoofing

        Sounds like you need to check the policy on the WatchGuard. It almost looks like that 10.100.8.0 subnet isn't being NATted on the way out. RFC 1918 addresses are not routable on the internet, hence the spoofing message on the WatchGuard. Check and make sure the 10.100.8.0 subnet is part of your NAT policy.
        CCNA, CCNA-Security, CCNP
        CCIE Security (In Progress)

        • #5
          Re: VLANS and spoofing

          It is configured as follows: 10.100.0.0/8 - Any external

          • #6
            Re: VLANS and spoofing

            Well, that network is part of the 10.0.0.0/8 major network. Not sure why it's put in there as 10.100.0.0/8 though, as a /8 would be 10.0.0.0/8. I would change it to 10.100.0.0/16.
            CCNA, CCNA-Security, CCNP
            CCIE Security (In Progress)

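As an added illustration of the diagnosis in #4 and #6 (this is example code written for this thread, not anything from the poster's environment or from WatchGuard), the script below parses the traffic log line quoted in #3 and then checks whether the denied source address is covered by the NAT policy's source entries. The field layout of the log line is assumed from that single sample; the function and variable names are the example's own. The point it makes concrete is the one in #6: `10.100.0.0/8` has host bits set in the network address, so read strictly it is not a valid prefix and read loosely it silently becomes `10.0.0.0/8`, whereas `10.100.0.0/16` matches 10.100.8.10 unambiguously.

```python
"""Parse the WatchGuard traffic line from the thread and check whether a
source address is covered by the NAT policy's source entries (added example)."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: the log line quoted in post #3 of the thread.
SAMPLE_LOG = (
    "2012-04-23 17:27:07 Deny 10.100.8.10 204.85.32.24 http/tcp 2075 80 "
    "1-Trusted 0-External ip spoofing sites 48 126 (Internal Policy) "
    'proc_id="firewall" rc="101" tcp_info="offset 7 S 1359405966 win 65535" Traffic'
)

# Field layout is an assumption derived from the single sample line: timestamp,
# action, src, dst, service/proto, sport, dport, inbound interface, outbound
# interface, free-text message, then the policy name in parentheses.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<action>\w+) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<proto>\S+) (?P<sport>\d+) (?P<dport>\d+) "
    r"(?P<src_if>\S+) (?P<dst_if>\S+) (?P<msg>.*?) \((?P<policy>[^)]*)\)"
)


@dataclass
class TrafficEvent:
    timestamp: str
    action: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    sport: int
    dport: int
    src_if: str
    dst_if: str
    message: str
    policy: str


def parse_watchguard_line(line: str) -> TrafficEvent:
    """Split one traffic log line into typed fields."""
    m = LOG_RE.match(line)
    if m is None:
        raise ValueError("line does not match the assumed WatchGuard traffic format")
    return TrafficEvent(
        timestamp=m["ts"], action=m["action"],
        src=ipaddress.ip_address(m["src"]), dst=ipaddress.ip_address(m["dst"]),
        proto=m["proto"], sport=int(m["sport"]), dport=int(m["dport"]),
        src_if=m["src_if"], dst_if=m["dst_if"],
        message=m["msg"], policy=m["policy"],
    )


def check_nat_coverage(nat_sources, src) -> dict:
    """Report whether `src` falls inside any well-formed NAT source entry.

    An entry with host bits set (10.100.0.0/8) is reported separately instead of
    being silently widened, because the two possible readings disagree: strictly
    it is not a valid prefix, loosely it becomes 10.0.0.0/8.
    """
    src = ipaddress.ip_address(src)
    matched, invalid = [], {}
    for entry in nat_sources:
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            # Record what a lenient parser would turn the entry into.
            invalid[entry] = str(ipaddress.ip_network(entry, strict=False))
            continue
        if src in net:
            matched.append(entry)
    return {
        "rfc1918_source": src.is_private,
        "nat_match": bool(matched),
        "matched_entries": matched,
        "invalid_entries": invalid,  # entry -> what it would normalise to
    }


def diagnose(line: str, nat_sources) -> str:
    """One-line verdict for a denied egress packet against the NAT source list."""
    ev = parse_watchguard_line(line)
    result = check_nat_coverage(nat_sources, ev.src)
    if not result["rfc1918_source"]:
        return "public source address; NAT not required"
    if result["nat_match"]:
        return "private source covered by NAT policy"
    return "private source NOT covered by NAT policy: expect egress deny"


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, ["10.100.0.0/8"]))   # entry as configured in #5
    print(diagnose(SAMPLE_LOG, ["10.100.0.0/16"]))  # the change proposed in #6
```

Running it with the `/8` entry reports the source as not covered and lists `10.100.0.0/8` as malformed (normalising to `10.0.0.0/8`); with the `/16` entry the 10.100.8.10 source is matched. The same check generalises to any additional VLAN subnet that gets added later: each new range either appears in `matched_entries` or it will show up in the firewall log the same way VLAN 5 did.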