Thursday, November 15, 2012 10:56 AM
I have a main office and a branch linked with 2 TMG 2010 (+ all SPs and all rollups) over PPTP site-to-site.
Sometimes some clients can't access main office resources, with 0xc0040014 FWX_E_FEW_SPOOFING_PACKET_DROPPED on the branch's TMG; internet still works.
Every time it is a different client, but no more than 1 at once.
There are 2 providers on branch office with ISP.
Thursday, November 15, 2012 10:59 AM
Every time, I add an exception to the DHCP server for the problem client host and run ipconfig /release & ipconfig /renew.
Monday, November 19, 2012 5:17 AM Moderator
Thank you for the post.
Which subnet was blocked by the TMG server and reported as spoofed? If the source IP reported as spoofed doesn’t belong to the internal network, please refer to this blog: http://blogs.technet.com/b/isablog/archive/2010/08/18/understanding-a-scenario-where-tmg-drops-the-packet-as-spoofed-even-when-the-source-ip-doesn-t-belong-to-the-internal-network.aspx
Nick Gu - MSFT
Monday, November 19, 2012 10:51 AM
That is the problem: the blocked IP belongs to the internal network.
source: internal, target: site2site.
I tried to reconfigure the internal network by adding a network card, but the problem is still there.
Friday, November 23, 2012 6:32 AM Moderator
Thank you for the update.
Please make sure the default gateway on the external adapter of TMG is not missing, and check if the VPN clients overlap the internal network range. If so, you should exclude the VPN address ranges from the Internal network range.
Recommended Network Adapter Configuration for Forefront TMG Enterprise Edition Servers
Nick Gu - MSFT
Friday, November 23, 2012 1:45 PM
Branch TMG configured with load-balancing ISP: 1st provider 90% for users internet access; 2nd 10% for PPTP connection - there is route destination - <main office ip>, gateway - <2nd provider's gateway>.
Internal network: 192.168.3.0/24; VPN: static address pool (192.168.254.50-99), 1 client connects to TMG with ip 254.55 - static ip address added in user's account in AD.
Thursday, December 06, 2012 4:32 AM
Any ideas?