Solved

Rerouting Internal Traffic Via 3rd Party VPN (TMG 2010)

Posted on 2010-11-29
Last Modified: 2012-05-10
I have a simple 192.168.0.0/24 network with TMG as perimeter gateway on 192.168.0.254.

There is another network I need to route to which is 172.20.0.0.  A third party VPN Device (Cisco) is on 192.168.0.253.

Currently in order to get this to work with the gateway I want (.254), I need to add static routes to the PCs.  I want TMG to handle the routing without need for PC static routes...

I have tried the following:

Added 172.20.0.0 to internal networks on TMG
Added route on TMG Server (172 etc via 253)
No good.

Also tried:

Creating new network called X (172.20.0.0/24)
Network rule (ROUTE Internal <-> X)
Access rule (ALLOW ALL IN/OUT Internal <-> X)

Also no good.  Packets are being dropped as spoofed.

Is there a way of redirecting all traffic hitting TMG destined for 172.20.x.y to 192.168.0.253?

Perhaps this is not possible...  Diagram attached for idea of what's going on.

(Attachment: Network Diagram)
Question by:patrickfreer
Expert Comment

by:pwindell
ID: 34241220
The VPN Device (brand is irrelevant) has to come off the side of the TMG using a third nic with a secondary "internal type" network if your LAN behind the TMG is a single subnet.

(Attachment: VPN Sample)

If the LAN behind the TMG is multiple subnets with its own internal dedicated LAN Router then the VPN Device plugs directly into the LAN and does not involve the TMG at all.  In this second diagram below, for the sake of understanding, treat the Switch in the middle of each LAN as if it were a LAN Router or a L3 Switch.

(Attachment: VPN Sample 2)
Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 34243606
The gateway to the 172.20.0.0 network should be through the .253 interface, not the .254 as shown in the requirements box in your diagram.

route -p add 172.20.0.0 mask 255.255.255.0 192.168.0.253
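
An added example, not part of the original thread or any participant's code: a small Python model of the routing decision that the accepted answer's static route changes, together with a generic strict reverse-path check of the kind that marks a source address as spoofed. The NIC names, the 203.0.113.1 default gateway and the client 192.168.0.10 are assumptions, and the check is a simplification, not TMG's actual spoof-detection logic.

```python
import ipaddress

# Constructed model of the TMG server's routing table: (destination, next hop, NIC).
# NIC names and the 203.0.113.1 gateway are placeholders, not values from the thread.
BASE_ROUTES = [
    ("0.0.0.0/0", "203.0.113.1", "external"),   # default route (assumed)
    ("192.168.0.0/24", None, "internal"),        # directly connected LAN
]
# The persistent route from the accepted answer.
VPN_ROUTE = ("172.20.0.0/24", "192.168.0.253", "internal")


def lookup(routes, address):
    """Longest-prefix match: return (next_hop, nic) for an address."""
    ip = ipaddress.ip_address(address)
    best = None
    for prefix, next_hop, nic in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, nic)
    return (best[1], best[2]) if best else (None, None)


def passes_reverse_path(routes, source, arrival_nic):
    """Strict reverse-path check: the route back to the source must leave
    through the NIC the packet arrived on, else the source looks spoofed."""
    _, nic = lookup(routes, source)
    return nic == arrival_nic


def describe(routes, client, remote):
    """Forwarding and anti-spoofing results for one client/remote pair."""
    next_hop, nic = lookup(routes, remote)
    return {
        "next_hop": next_hop,
        "egress_nic": nic,
        # Traffic sourced from the remote network arrives on the internal NIC.
        "remote_source_accepted": passes_reverse_path(routes, remote, "internal"),
        "client_source_accepted": passes_reverse_path(routes, client, "internal"),
    }


if __name__ == "__main__":
    for label, table in (("without route", BASE_ROUTES),
                         ("with route", BASE_ROUTES + [VPN_ROUTE])):
        print(label, describe(table, "192.168.0.10", "172.20.0.5"))
```

Without the static route the model sends 172.20.0.5 to the default gateway on the external NIC and rejects 172.20.x.y sources seen on the internal NIC; with it, the next hop becomes 192.168.0.253 and those sources are accepted.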

Expert Comment

by:Qlemo
ID: 34914246
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
Question has a verified solution.
