Endpoint Protection

 View Only
Expand all | Collapse all

00:53:45 MAC Addresses

  • 1.  00:53:45 MAC Addresses

    Posted Jun 22, 2010 10:22 AM

    Just a quick question. Most of my VPN users in SEPM have MAC addresses of 00:53:45:00:00:00 along with the VPN IP address. This info is found under client view>network tab.

    Trying to figure out what this is about. Most of the VPN users have this setup:

    00:53:45:00:00:00 - VPN IP
    Local NIC Mac - Local IP

    Any ideas as to what this 00:53:45 MAC address is refering to? Thanks!

    Mike




  • 2.  RE: 00:53:45 MAC Addresses

    Posted Jun 22, 2010 10:32 AM
    The 00:53:45:00:00:00 is a virtual adapter that was created during the installation of your VPN software.

    It is simply needed in order to create a connection and to route traffic to the proper place, in this case your virtual adapter.


  • 3.  RE: 00:53:45 MAC Addresses

    Posted Jun 22, 2010 10:32 AM

    its when they come from outside the firewall...using vpn
     



  • 4.  RE: 00:53:45 MAC Addresses

    Posted Jun 22, 2010 04:25 PM

    Why would the SEPM list the MAC address of a VPN user as 00:00:00:00:00 instead of the 00:53:45 MAC address. We use the built in Windows DUN connection to connect the VPN. It's strange. IF the user is connected to the VPN before SEP installed, and SEP is then pushed out, everything seems to work (sylink communication, def updates, etc...), however IF the user disconnects from the VPN and tries to reconnect, he gets an error 619 (unreachable error) until SEP is uninstalled.

    I was thinking it might be a Windows firewall issue. Not real sure. The client is Win7 Pro 32-bit.

    Any ideas?

    Mike



  • 5.  RE: 00:53:45 MAC Addresses

    Posted Jun 22, 2010 05:10 PM
    I would need to check, but sometimes, a Virtual Adpater, such as an installed Virtual VPN adapter does not reply to ARP requests or netbios queries.  Lack thereof can result in the Virutal Adapter being assigned a 00:00:00:00:00:00 MAC address, in order for the connectivity to still be established and for the traffic being sent from the "real adapter" to be broadcast along the wire and back again. 

    The Firewall or VPN device that handled the initial handshake for the VPN tunnel holds a table that allows it to identify who the traffic on the network is from/for.  Thus, information travels to the correct machine. 


    Have you tried, with a VPN connection established, doing a ipconfig /all to see what the MAC address is of the Virtual Adpater?


  • 6.  RE: 00:53:45 MAC Addresses

    Posted Jun 23, 2010 08:09 AM

    Hey Jason,

    Yes I sure did. The MAC address is blank from ipconfig command. I mean blank as in nothing is there, no 00:00:00:00:00:00 or anything.

    Phyiscal Address ...........: (blank)

    I'll VPN over the test lab and see if I get a MAC address when I connect and report back.

    Mike



  • 7.  RE: 00:53:45 MAC Addresses

    Posted Jun 23, 2010 08:13 AM

    One other thing, I thought it might be a bad teefer install, but I installed just the antivirus component to test, and it's doing the same thing. Once the SEP client installs and the user tries to reconnect to the VPN he gets the error 619.

    Mike



  • 8.  RE: 00:53:45 MAC Addresses

    Posted Jun 23, 2010 09:50 AM

    I didn't have a MAC address with the virutal adpater when I connected through the VPN on the test lab. This is a vert strange problem.

    Mike



  • 9.  RE: 00:53:45 MAC Addresses
    Best Answer

    Posted Jun 23, 2010 10:32 AM
    Hmmm...  I tried the same exercise using my "Watchguard" client and firewall.  Aothough, when I create my virtual adapter, the system assigns it a 02:xx:xx MAC address and when I connect to SEPM, I can see, even though connected through the VPN, the REAL MAC address of the network card, in this case wireless MAC address regitering in the system.

    I think the limitation is in the software or virtual adapter, moreso than with Symantc itself. 

    - If Symantec is not installed, do you have a MAC address on the Virtual Adapter?
    - Some VPN software, allows you to assign a MAC manually...
    -> Device Manager -> Network Card -> Properties -> Advanced (tab) -> Network Address: Enter MAC address.

    * * * * * * *
    I suspect however, that because you are using DUN from Windows, you have fallen into a M$ blackhole.  Dating back to nearly 10 years. 

    Others, have tried and successfully fixe this problem with the following commands, to wipe out the IP stack and fix the Socket in the System for the Virtual NIC to create itself properly...

    **Windows XP**

    netsh int ip reset reset.log 
    netsh winsock reset catalog

    ** Windows Vista and above **  (run as administrator)

    netsh winsock reset catalog 
    netsh int ipv4 reset resret.log 
    netsh int ipv6 reset reset.log  (If applicable)


    Reboot system.  All configured parameters of Static IP addresses on all Cards will be lost...  SO take note, BEFORE performing.

    There is always a chance that uninstalling and reinstalling the NIC drivers could help...  But because it is Windows being Windows...


    Also, very interesting is the fact that it works without Symantec installed...  Does it have a MAC without Symantec?? 


  • 10.  RE: 00:53:45 MAC Addresses

    Posted Jun 23, 2010 10:47 AM

    Jason,

    Thank you for your feedback. I will check today, and see what I can find out.

    Mike



  • 11.  RE: 00:53:45 MAC Addresses

    Posted Jun 25, 2010 04:43 PM

    @ Jason,

    I tried resetting the IP and socket which didn't help. So, we are going to configure another laptop and swap them out. I think there is some sort of VPN configuration problem or something. You provided some good info. Thanks!

    Mike