[ScreenOS] IP spoof errors on the firewall in the event log when a Dial-UP VPN connection is established

Article ID: KB15940 KB Last Updated: 18 Jun 2010 Version: 2.0
Summary:
IP spoof errors on the firewall in the event log when a Dial-UP VPN connection is established.
Symptoms:
The firewall reports an IP Spoof error in the event log when a user initiates a Dial-Up VPN connection to the firewall:
IP Spoof has been detected! From 192.168.1.x/32 to 192.168.1.y
VPN Phase 1 and Phase 2 are UP, but traffic cannot pass through the VPN tunnel.
Solution:
The user PC's IP subnet and the firewall's Trust subnet are in the same range, 192.168.1.0/24. In this condition, when no X-Auth is configured, the user PC picks up an IP address from the 192.168.1.0/24 subnet and uses it as the source IP for traffic sent through the VPN tunnel. Because the Trust subnet on the firewall and the PC subnet share the same range, either the firewall cannot determine how to route the packet, or the end server behind the firewall does not route its reply to the firewall, because the destination address is part of the server's local subnet.

To address the problem, configure an X-Auth setting with an IP pool range that is outside the 192.168.1.0/24 subnet.
With the X-Auth setting on the Dial-Up VPN, the remote user PC gets an address from a different IP range on the virtual adapter, and that address is used as the source IP for traffic on the VPN tunnel.
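
The overlap described above can be checked before a pool is rolled out. The following Python code is an added example, not Juniper code: it flags IP Spoof log entries whose source and destination both fall inside the Trust subnet, and reports whether a candidate X-Auth IP pool range overlaps a subnet that must be avoided. The sample log addresses, the pool ranges and the function names are constructed for illustration.

```python
import ipaddress
import re

# Log format as shown in this article; the addresses in SAMPLE_LOG are constructed.
SPOOF_RE = re.compile(
    r"IP Spoof has been detected! From (\d+\.\d+\.\d+\.\d+)(?:/\d+)? to (\d+\.\d+\.\d+\.\d+)"
)

SAMPLE_LOG = """\
IP Spoof has been detected! From 192.168.1.33/32 to 192.168.1.10
IP Spoof has been detected! From 203.0.113.7/32 to 192.168.1.10
IP Spoof has been detected! From 192.168.1.40/32 to 192.168.1.25
"""


def overlap_spoof_events(log_text, trust_subnet):
    """Return (src, dst) pairs where both ends sit inside the Trust subnet,
    the pattern produced by a dial-up client whose LAN overlaps Trust."""
    trust = ipaddress.ip_network(trust_subnet)
    hits = []
    for m in SPOOF_RE.finditer(log_text):
        src, dst = (ipaddress.ip_address(a) for a in m.groups())
        if src in trust and dst in trust:
            hits.append((str(src), str(dst)))
    return hits


def pool_conflicts(pool_start, pool_end, reserved_subnets):
    """Return the reserved subnets that a candidate X-Auth pool range overlaps."""
    first = ipaddress.ip_address(pool_start)
    last = ipaddress.ip_address(pool_end)
    if first > last:
        raise ValueError("pool start is above pool end")
    # A start/end range may not align to one prefix, so split it into CIDR blocks.
    blocks = list(ipaddress.summarize_address_range(first, last))
    conflicts = []
    for subnet in reserved_subnets:
        net = ipaddress.ip_network(subnet)
        if any(block.overlaps(net) for block in blocks):
            conflicts.append(subnet)
    return conflicts


if __name__ == "__main__":
    print(overlap_spoof_events(SAMPLE_LOG, "192.168.1.0/24"))
    print(pool_conflicts("192.168.1.200", "192.168.1.220", ["192.168.1.0/24"]))
    print(pool_conflicts("10.10.50.1", "10.10.50.50", ["192.168.1.0/24"]))
```

Passing the Trust subnet together with any known remote-user LAN subnets as `reserved_subnets` checks a candidate pool against all of them in one call.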

Refer to the following KB articles on configuring multiple NetScreen-Remote VPN clients using the same IKE ID (Shared IKE) and XAuth:

KB14883 (ScreenOS 6.x) or
KB6623 (ScreenOS 5.x)
