TMG 2010 Site-to-site VPN Setup problems
Posted on 2010-11-22
Wonder if anyone can help, I have a TMG 2010 setup as primary firewall solution with dual NICS (3LEG) where one NIC is the external public IP all is working well, internet access, proxy, URL filtering even remote PTPP VPN dial in for end users works great.
The issue ia around setting up a site to site VPN solution with a branch office, ive tried PTPP with another TMG box, IPSEC and PTPP with draytek/zyxel routers. Ive got as close as the TMG box recieving IKE 500 requests which it accepts but nothing more..
Now for the daft questions:
1.) When setting up a site to site VPN when it asks to specifiy the VPN tunnel end points is it refering to the Public IP of the internet connection 83.244.X.X at both ends of the VPN or the private IP of the TMG gateway and router: 10.20.30.10 for example?
2.) Under network address range does this just need to be the remote internal address range: 10.20.33.1 - 10.20.33.254 (only internal range) or do we need to add the gateway IP either internal or external of the TMG box or public IP?
3.) In addition can anyone provide any other additional obvious config pointers i need to be aware, other network rules im missing etc Im really struggling with what should be a simple concept and im considering going back to my Watchguard fireboxes!
In addition if anyone has any other setup guides or sample rule sets/screen shots that work for them that would be greatly appreciated.
Many thanks in advance for any advice.