Bobjedi

TMG 2010 Site-to-site VPN Setup problems

Hi,

Wonder if anyone can help. I have a TMG 2010 set up as the primary firewall solution with dual NICs (3LEG), where one NIC is the external public IP. All is working well: internet access, proxy, URL filtering, even remote PPTP VPN dial-in for end users works great.

The issue is around setting up a site-to-site VPN solution with a branch office. I've tried PPTP with another TMG box, IPsec and PPTP with Draytek/Zyxel routers. I've got as close as the TMG box receiving IKE 500 requests, which it accepts, but nothing more.

Now for the daft questions:

1.) When setting up a site-to-site VPN, when it asks to specify the VPN tunnel endpoints, is it referring to the public IP of the internet connection (83.244.X.X) at both ends of the VPN, or the private IP of the TMG gateway and router, 10.20.30.10 for example?

2.) Under network address range, does this just need to be the remote internal address range, 10.20.33.1 - 10.20.33.254 (only internal range), or do we need to add the gateway IP, either internal or external, of the TMG box or public IP?

3.) In addition, can anyone provide any other obvious config pointers I need to be aware of, other network rules I'm missing, etc.? I'm really struggling with what should be a simple concept and I'm considering going back to my WatchGuard Fireboxes!

In addition, if anyone has any other setup guides or sample rule sets/screenshots that work for them, that would be greatly appreciated.

Many thanks in advance for any advice.

Regards

Bob

ASKER CERTIFIED SOLUTION
q2q
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Bobjedi

ASKER

Many thanks for your prompt response. I think item 3 may be putting us on the right track, as we were using IP ranges on the same subnet (10.20.30.0/10.20.33.0).

We're going to try a 192.168.x.x range now and will come back to you.

FYI, the main site FW is TMG and the branch office is a Firebox X10e.

Many thanks

Bob
Bobjedi

ASKER

Hi,

Worked like a charm! The subnets were the issue and we just needed that little bit of advice to push us in the right direction!

Have been pulling my hair out for 4 days so thanks very much! ;)

Kind regards

Bob