I have a Laptop that goes onto our wireless network via Cisco 1100 APs. It is given a DHCP address. When it tries to access the outside world, the PIX firewall wont let it out and says its spoofing the address. Any ideas as to why? or atleast how to let it out?
Is this the syslog message that your getting? Do a ipconfig/all on your laptop, and see if the ip address is a internal network ip address? If not do a ipconfig/release, then a ipconfig/renew, then try it your connection again.
Error Message %PIX-2-106016: Deny IP spoof from (IP_address) to IP_address on interface interface_name.
This message is logged when the firewall discards a packet with an invalid source address. Invalid source addresses are those addresses belonging to the following:
Loopback network (127.0.0.0)
Broadcast (limited, net-directed, subnet-directed, and all-subnets-directed)
The destination host (land.c)
Furthermore, if the sysopt connection enforcesubnet command is enabled, PIX Firewall discards packets with a source address belonging to the destination subnet from traversing the firewall and logs this message.
I have found my SPoofing problem. AParently, my boss, who has a Static IP for his hardwire connection to our network, has also been using his wireless card at the same time, which is where the DHCP address is coming from, and he has some software that is for use with a TIVO. This is causing our Unix server to send out spoofed messages for some reason. The reason why he was having trouble getting outside our network was because he was using his hom DNS sever rather than our work one with the wireless card.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :