ISA Server dropping packets as it believes they are spoofed

Posted by RB on Server Fault
Published on 2010-05-26T16:05:36Z

We have ISA Server 2004 running on Windows Server 2003 SP2.

It has 2 NICs - one internal called LAN on 192.168.16.2, with a subnet of 255.255.255.0, and one external called WAN on 93.x.x.2. The default gateway is 93.x.x.1 (our modem). This machine also accepts VPN connections.

We are having a problem with a scanner, which is trying to save a scan into a network share.

Every time we try to scan, ISA Server logs the following Denied Connection:

  • Log type: Firewall service
  • Status: A packet was dropped because ISA Server determined that the source IP address is spoofed.
  • Rule:
  • Source: Internal ( 192.168.16.54:1024)
  • Destination: Internal ( 192.168.16.255:137)
  • Protocol: NetBios Name Service

Pinging 192.168.16.54 from the ISA Server works fine.

In ISA Server, going into Configuration → Networks, there are 5 Networks:

  • External (inbuilt)
  • Internal (defined as 192.168.16.0 → 192.168.16.255)
  • Local Host (inbuilt)
  • Quarantined VPN Clients (inbuilt)
  • VPN Clients (inbuilt)

Finally, under Network Connections → Advanced → Advanced Settings..., the connections are in the following order:

  • LAN
  • WAN
  • [Remote Access Connections]

If we try to scan onto a workstation it works fine.

Please let me know if you need any more info - many thanks.

RB.
