Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


ISA2006 to TMG site-to-site VPN L2TP not working

Posted on 2010-09-04
Medium Priority
Last Modified: 2012-05-10
I have tried to set up a L2TP site to site VPM using a pre-shared key between my office (TMG 2010) and my home (ISA2006).

I have followed this blog -> http://www.isaserver.org/tutorials/Creating-VPN-ISA-Server-2006-Firewalls-Main-Branch-Office-Part1html.html 

I cannot get either side to connect. The user account I am using is a Domain account:
Here are my specs firewall specs:

Office TMG2010
External IP:
Internal IP range: ~
user: vpnmain
domain: Office
Authentication: L2TP
pre-shared key: letmein

Home ISA 2006
External cluster VIP:
NLB members range: ~
Internal IP range: ~
user: vpnmain
domain: Home
Authentication: L2TP
pre-shared key: letmein

What am I missing?

Question by:Phase2
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
LVL 29

Accepted Solution

pwindell earned 2000 total points
ID: 33618058
Use local accounts on the TMG machine sthemselves.
Re-read the article carefully.  The account name spelling must machine the network name of the VPN Network created.  You will be creating two networks,..one on each side,...don't reuse the same name on each.
The location of the network -vs- the location of the accoutn is always confusing to most (me as well).  I believe the account created locally on one side must match the network name create on the other TMG, but double check that because ometimes I still get it backwards
Main Office TMG
VPN Network = branch1
Local Account = hqoffice
Remote TMG1
VPN Network = hqoffice
Local Account = branch1
Windows Event logs will indicate if you got it right.  If there is a "login failure" the Windows Event Log will show it.

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question