Solved

TMG 2010 Site-to-site VPN Setup problems

Posted on 2010-11-22
3
1,902 Views
Last Modified: 2012-06-21
Hi,

Wonder if anyone can help, I have a TMG 2010 setup as primary firewall solution with dual NICS (3LEG) where one NIC is the external public IP all is working well, internet access, proxy, URL filtering even remote PTPP VPN dial in for end users works great.

The issue ia around setting up a site to site VPN solution with a branch office, ive tried PTPP with another TMG box, IPSEC and PTPP with draytek/zyxel routers. Ive got as close as the TMG box recieving IKE 500 requests which it accepts but nothing more..

Now for the daft questions:

1.) When setting up a site to site VPN when it asks to specifiy the VPN tunnel end points is it refering to the Public IP of the internet connection 83.244.X.X at both ends of the VPN or the private IP of the TMG gateway and router: 10.20.30.10 for example?

2.) Under network address range does this just need to be the remote internal address range: 10.20.33.1 - 10.20.33.254 (only internal range) or do we need to add the gateway IP either internal or external of the TMG box or public IP?

3.) In addition can anyone provide any other additional obvious config pointers i need to be aware, other network rules im missing etc Im really struggling with what should be a simple concept and im considering going back to my Watchguard fireboxes!

In addition if anyone has any other setup guides or sample rule sets/screen shots that work for them that would be greatly appreciated.

Many thanks in advance for any advice.

Regards

Bob

0
Comment
Question by:Bobjedi
  • 2
3 Comments
 
LVL 5

Accepted Solution

by:
q2q earned 500 total points
ID: 34188172
SEction 1, yes you will need to enter the public IP address each router is using and where traffic appears to come from for your router to reconnise it.

Section 2, yes netwrok address rarnge is refering to the remote LAN subnet so that it knows which packets to fire accross the vpn

3
As a rule of thumb, try setting up with pptp first as this has very few options to set. If this works you can then move onto trying the ipsec.
General guidelines are
use differnet ip subnet ranges at each site.
Try to keep the hardware the same (makes the whole processes mnuch easier)
If you can provide screen shots of the router vpn config I will be happy to tell you how to set them.
0
 

Author Comment

by:Bobjedi
ID: 34189134
Many thanks for your prompt response, i think item 3 maybe putting us on the right track as we were using IP ranges on the same subnet. (10.20.30.0/10.20.33.0)

Were going to try a 192.168.x.x range now and will come back to you.

FYI the main site FW is TMG and the branch office is a Firebox X10e

Many thanks

Bob
0
 

Author Comment

by:Bobjedi
ID: 34189666
Hi,

Worked like a charm! The subnets were the issue and we just needed that little bit of advice to push us in the right direction!

Have been pulling my hair out for 4 days so thanks very much! ;)

Kind regards

Bob
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
Common practice undertaken by most system administrators is to document the configurations and final solutions of anything performed by them for their future use and reference. So here I am going to explain how to export ISA Server 2004 Firewall pol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now