Solved

Rerouting Internal Traffic Via 3rd Party VPN (TMG 2010)

Posted on 2010-11-29
Last Modified: 2012-05-10
I have a simple 192.168.0.0/24 network with TMG as perimeter gateway on 192.168.0.254.

There is another network I need to route to which is 172.20.0.0.  A third party VPN Device (Cisco) is on 192.168.0.253.

Currently in order to get this to work with the gateway I want (.254), I need to add static routes to the PCs.  I want TMG to handle the routing without need for PC static routes...

I have tried the following:

Added 172.20.0.0 to internal networks on TMG
Added route on TMG Server (172 etc via 253)
No good.

Also tried:

Creating new network called X (172.20.0.0/24)
Network rule (ROUTE Internal <-> X)
Access rule (ALLOW ALL IN/OUT Internal <-> X)

Also no good.  Packets are being dropped as spoofed.

Is there a way of redirecting all traffic hitting TMG destined for 172.20.x.y to 192.168.0.253?

Perhaps this is not possible...  Diagram attached for idea of what's going on. (Attachment: Network Diagram)

Question by: patrickfreer
4 Comments

Expert Comment by: pwindell (LVL 29)
ID: 34241220
The VPN Device (brand is irrelevant) has to come off the side of the TMG using a third NIC with a secondary "internal type" network if your LAN behind the TMG is a single subnet.

(Attachment: VPN Sample)

If the LAN behind the TMG is multiple subnets with its own internal dedicated LAN Router then the VPN Device plugs directly into the LAN and does not involve the TMG at all.  In this second diagram below, for the sake of understanding, treat the Switch in the middle of each LAN as if it were a LAN Router or a L3 Switch.

(Attachment: VPN Sample 2)

Accepted Solution by: Keith Alabaster (LVL 51), earned 500 total points
ID: 34243606
The gateway to the 172.20.0.0 network should be through the .253 interface, not the .254 as shown in the requirements box in your diagram.

route -p add 172.20.0.0 mask 255.255.255.0 192.168.0.253


Expert Comment by: Qlemo (LVL 68)
ID: 34914246
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.