Solved

Rerouting Internal Traffic Via 3rd Party VPN (TMG 2010)

Posted on 2010-11-29
Last Modified: 2012-05-10
I have a simple 192.168.0.0/24 network with TMG as perimeter gateway on 192.168.0.254.

There is another network I need to route to which is 172.20.0.0.  A third party VPN Device (Cisco) is on 192.168.0.253.

Currently in order to get this to work with the gateway I want (.254), I need to add static routes to the PCs.  I want TMG to handle the routing without need for PC static routes...

I have tried the following:

Added 172.20.0.0 to internal networks on TMG
Added route on TMG Server (172 etc via 253)
No good.

Also tried:

Creating new network called X (172.20.0.0/24)
Network rule (ROUTE Internal <-> X)
Access rule (ALLOW ALL IN/OUT Internal <-> X)

Also no good.  Packets are being dropped as spoofed.

Is there a way of redirecting all traffic hitting TMG destined for 172.20.x.y to 192.168.0.253?

Perhaps this is not possible...  Diagram attached for idea of what's going on.
Question by:patrickfreer

Expert Comment

by:pwindell
ID: 34241220
The VPN Device (brand is irrelevant) has to come off the side of the TMG using a third NIC with a secondary "internal type" network if your LAN behind the TMG is a single subnet.

If the LAN behind the TMG is multiple subnets with its own internal dedicated LAN Router then the VPN Device plugs directly into the LAN and does not involve the TMG at all.  In this second diagram below, for the sake of understanding, treat the Switch in the middle of each LAN as if it were a LAN Router or a L3 Switch.


Accepted Solution

by:Keith Alabaster (earned 500 total points)
ID: 34243606
The gateway to the 172.20.0.0 network should be through the .253 interface, not the .254 as shown in the requirements box in your diagram.

route -p add 172.20.0.0 mask 255.255.255.0 192.168.0.253


Expert Comment

by:Qlemo
ID: 34914246
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.