Solved

ISA2006 to TMG site-to-site VPN L2TP not working

Posted on 2010-09-04
1
1,426 Views
Last Modified: 2012-05-10
I have tried to set up a L2TP site to site VPM using a pre-shared key between my office (TMG 2010) and my home (ISA2006).

I have followed this blog -> http://www.isaserver.org/tutorials/Creating-VPN-ISA-Server-2006-Firewalls-Main-Branch-Office-Part1html.html

I cannot get either side to connect. The user account I am using is a Domain account:
Here are my specs firewall specs:

Office TMG2010
External IP: 123.124.125.126
Internal IP range: 192.168.1.0 ~ 192.168.1.255
user: vpnmain
domain: Office
Authentication: L2TP
pre-shared key: letmein

Home ISA 2006
External cluster VIP: 99.98.97.96
NLB members range: 99.98.97.94 ~ 99.98.97.95
Internal IP range: 192.168.254.0 ~ 192.168.254.255
user: vpnmain
domain: Home
Authentication: L2TP
pre-shared key: letmein

What am I missing?


0
Comment
Question by:Phase2
1 Comment
 
LVL 29

Accepted Solution

by:
pwindell earned 500 total points
Comment Utility
Use local accounts on the TMG machine sthemselves.
Re-read the article carefully.  The account name spelling must machine the network name of the VPN Network created.  You will be creating two networks,..one on each side,...don't reuse the same name on each.
The location of the network -vs- the location of the accoutn is always confusing to most (me as well).  I believe the account created locally on one side must match the network name create on the other TMG, but double check that because ometimes I still get it backwards
Main Office TMG
VPN Network = branch1
Local Account = hqoffice
Remote TMG1
VPN Network = hqoffice
Local Account = branch1
Windows Event logs will indicate if you got it right.  If there is a "login failure" the Windows Event Log will show it.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Overview Often, we set up VPN appliances where the connected clients are on a separate subnet and the company will have alternate internet connections and do not use this particular device as the gateway for certain servers or clients. In this case…
Microsoft's ISA Server has been its pre-eminent security product for about a decade and is still regarded amongst the well-informed as one of the best software firewalls and application gateways ever released, by any manufacturer. ISA Server has bee…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now