Rerouting Internal Traffic Via 3rd Party VPN (TMG 2010)

I have a simple 192.168.0.0/24 network with TMG as perimeter gateway on 192.168.0.254.

There is another network I need to route to which is 172.20.0.0.  A third party VPN Device (Cisco) is on 192.168.0.253.

Currently in order to get this to work with the gateway I want (.254), I need to add static routes to the PCs.  I want TMG to handle the routing without need for PC static routes...

I have tried the following:

Added 172.20.0.0 to internal networks on TMG
Added route on TMG Server (172 etc via 253)
No good.

Also tried:

Creating new network called X (172.20.0.0/24)
Network rule (ROUTE Internal <-> X)
Access rule (ALLOW ALL IN/OUT Internal <-> X)

Also no good.  Packets are being dropped as spoofed.

Is there a way of redirecting all traffic hitting TMG destined for 172.20.x.y to 192.168.0.253?

Perhaps this is not possible...  Diagram attached for idea of what's going on.

[Image: Network Diagram]
Asked by: patrickfreer
 
Keith Alabaster (Enterprise Architect) commented:
The gateway to the 172.20.0.0 network should be through the .253 interface, not the .254 as shown in the requirements box in your diagram.

route -p add 172.20.0.0 mask 255.255.255.0 192.168.0.253

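How that route changes the hops a flow takes, as an added example that is not part of the original thread: a longest-prefix-match model of the devices in the question, with the route present on a PC versus only on the TMG server. The hosts 192.168.0.10 and 172.20.0.5 and the VPN device's own routing table are assumptions, and the tunnel plus far-end gateway are collapsed into a single hop.

```python
import ipaddress

# Constructed model. PC and REMOTE are hypothetical hosts; None means on-link.
TMG, VPN = "192.168.0.254", "192.168.0.253"
PC, REMOTE = "192.168.0.10", "172.20.0.5"
LAN, FAR = "192.168.0.0/24", "172.20.0.0/24"

def tables(pc_has_static_route):
    """Routing table of every device, with or without the route on the PC."""
    pc = [(LAN, None), ("0.0.0.0/0", TMG)]
    if pc_has_static_route:
        pc.append((FAR, VPN))            # route add 172.20.0.0 ... 192.168.0.253
    return {
        PC: pc,
        TMG: [(LAN, None), (FAR, VPN)],  # "Added route on TMG Server"
        VPN: [(LAN, None), (FAR, None)], # assumption: tunnel modelled as on-link
        REMOTE: [(FAR, None), (LAN, VPN)],
    }

def next_hop(table, dst):
    """Longest-prefix match: return the gateway, or dst itself when on-link."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw) for p, gw in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"no route to {dst}")
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw or dst

def path(src, dst, tbls):
    """Devices a packet visits from src to dst."""
    hops = [src]
    while hops[-1] != dst:
        if len(hops) > 8:
            raise RuntimeError("routing loop")
        hops.append(next_hop(tbls[hops[-1]], dst))
    return hops

def tmg_sees(pc_has_static_route):
    """(TMG on the outbound path, TMG on the return path)."""
    t = tables(pc_has_static_route)
    return (TMG in path(PC, REMOTE, t), TMG in path(REMOTE, PC, t))

if __name__ == "__main__":
    for static in (False, True):
        t = tables(static)
        print("PC static route:", static)
        print("  out :", " -> ".join(path(PC, REMOTE, t)))
        print("  back:", " -> ".join(path(REMOTE, PC, t)))
```

In this model, a PC that uses only .254 as its gateway sends outbound packets through the TMG server, while the replies come back from .253 straight to the PC on the same subnet.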
 
pwindell commented:
The VPN Device (brand is irrelevant) has to come off the side of the TMG using a third NIC with a secondary "internal type" network if your LAN behind the TMG is a single subnet.

[Image: VPN Sample]

If the LAN behind the TMG is multiple subnets with its own internal dedicated LAN Router, then the VPN Device plugs directly into the LAN and does not involve the TMG at all.  In this second diagram below, for the sake of understanding, treat the Switch in the middle of each LAN as if it were a LAN Router or an L3 Switch.

[Image: VPN Sample 2]
 
Qlemo (Batchelor, Developer and EE Topic Advisor) commented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
Question has a verified solution.