Intermittent Firewall 15108 Events on SBS2003/ISA2004
- From: Tom Walker <twalker@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 01 Dec 2005 10:12:50 +0000
I'm getting a small number of 15108 events around the times when a remote user connects through VPN.
Our internal LAN IP addresses are 10.0.0.x.
Most of the 15108s quote IP addresses in the 10.0.0.11 to 10.0.0.17 range - all allocated to the server, according to DHCP.
The other 15108 quotes 192.168.2.2 which I believe is the remote client's IP address connecting to the remote ADSL Modem/Router (client connects via a VPN dial-up).
Not experiencing any abnormal behaviour connecting or working remotely so should I be doing anything about these messages?
And why does Firewall flag up 15108s for addresses allocated to the server?
Further info:
1. Internal address range in ISA is 10.0.0.0 to 10.0.0.255 plus 10.255.255.255. DHCP address pool has 10.0.0.1 to 10.0.0.254 with 10.0.0.1 to 10.0.0.9 excluded (and 10.0.0.113 which is reserved for a network printer).
2. Internal server IP (10.0.0.2) has no default gateway and only DNS entry is 10.0.0.2.
3. External server IP is 192.168.0.2 with default gateway 192.168.0.1 (ADSL Router). DNS is set to 10.0.0.2.
4. DNS has forwarders pointing to our ISP's primary and secondary DNS servers.
.
- Follow-Ups:
- RE: Intermittent Firewall 15108 Events on SBS2003/ISA2004
- From: "Crina Li"
- RE: Intermittent Firewall 15108 Events on SBS2003/ISA2004
- Prev by Date: Re: Quota and who is using my drive?
- Next by Date: Restrict folders for a User in SBS
- Previous by thread: RE: Publish SMTP server behind windows Small business 2003 premium
- Next by thread: RE: Intermittent Firewall 15108 Events on SBS2003/ISA2004
- Index(es):
Relevant Pages
|
