Unknown IP from the SSL VPN pool

I have an IP address attempting to connect to ldap and netbios through the tun0 interface but they aren't in the registered/authenticated users. The IP address is in the same pool as the SSLVPN users. I have a rule to allow SSL VPN users but traffic from this particular IP is blocked, apparently because they are not authenticated. Any ideas where this mystery IP is coming from?

Comments

  • Care to post some sample Traffic Monitor log messages showing this?

  • Interestingly, such traffic stopped showing up. I wonder if the tunnel remained open after the authentication timed out or failed for a user. I'll post screenshots if I see this again but the source ip was in the same subnet as the SSLVPN range. The destinations were all domain controllers. The ports included ldap and netbios.

Sign In to comment.