Unknown IP from the SSL VPN pool
I have an IP address attempting to connect to ldap and netbios through the tun0 interface but they aren't in the registered/authenticated users. The IP address is in the same pool as the SSLVPN users. I have a rule to allow SSL VPN users but traffic from this particular IP is blocked, apparently because they are not authenticated. Any ideas where this mystery IP is coming from?
0
Sign In to comment.
Comments
Care to post some sample Traffic Monitor log messages showing this?
Interestingly, such traffic stopped showing up. I wonder if the tunnel remained open after the authentication timed out or failed for a user. I'll post screenshots if I see this again but the source ip was in the same subnet as the SSLVPN range. The destinations were all domain controllers. The ports included ldap and netbios.