Solved

Rerouting Internal Traffic Via 3rd Party VPN (TMG 2010)

Posted on 2010-11-29
773 Views
Last Modified: 2012-05-10
I have a simple 192.168.0.0/24 network with TMG as perimeter gateway on 192.168.0.254.

There is another network I need to route to which is 172.20.0.0.  A third party VPN Device (Cisco) is on 192.168.0.253.

Currently in order to get this to work with the gateway I want (.254), I need to add static routes to the PCs.  I want TMG to handle the routing without need for PC static routes...

I have tried the following:

Added 172.20.0.0 to internal networks on TMG
Added route on TMG Server (172 etc via 253)
No good.

Also tried:

Creating new network called X (172.20.0.0/24)
Network rule (ROUTE Internal <-> X)
Access rule (ALLOW ALL IN/OUT Internal <-> X)

Also no good.  Packets are being dropped as spoofed.

Is there a way of redirecting all traffic hitting TMG destined for 172.20.x.y to 192.168.0.253?

Perhaps this is not possible...  Diagram attached for idea of what's going on.

[Attached image: Network Diagram]
Question by:patrickfreer
4 Comments
 
LVL 29

Expert Comment

by:pwindell
ID: 34241220
The VPN Device (brand is irrelevant) has to come off the side of the TMG using a third NIC with a secondary "internal type" network if your LAN behind the TMG is a single subnet.

[Attached image: VPN Sample]

If the LAN behind the TMG is multiple subnets with its own internal dedicated LAN Router then the VPN Device plugs directly into the LAN and does not involve the TMG at all.  In this second diagram below, for the sake of understanding, treat the Switch in the middle of each LAN as if it were a LAN Router or a L3 Switch.

[Attached image: VPN Sample 2]
 
LVL 51

Accepted Solution

by: Keith Alabaster (earned 500 total points)
ID: 34243606
The gateway to the 172.20.0.0 network should be through the .253 interface, not the .254 as shown in the requirements box in your diagram.

route -p add 172.20.0.0 mask 255.255.255.0 192.168.0.253

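The accepted answer gives the bare `route -p add` command. The script below is an added example (it is not from the thread and not TMG's own tooling) that wraps that same command with the checks an administrator would want on the Windows host that is to forward the traffic: it reads the active IPv4 routing table with `route print -4`, replaces any existing route for 172.20.0.0/24 that points somewhere other than the VPN device, installs the persistent route, and then confirms with a one-hop `tracert` that the first hop really is 192.168.0.253. The addresses are the ones from the question; the probe host 172.20.0.1 is an assumption and should be replaced with a host that actually exists on the far side of the VPN.

```powershell
# Added example: install and verify a persistent static route to the 172.20.0.0/24
# network via the third-party VPN device. Uses only built-in tools (route.exe,
# tracert.exe), so it works on the Windows Server 2008 R2 hosts TMG 2010 runs on.
# Run from an elevated PowerShell prompt.
$dest      = '172.20.0.0'
$mask      = '255.255.255.0'
$nextHop   = '192.168.0.253'   # Cisco VPN device (from the question)
$probeHost = '172.20.0.1'      # ASSUMPTION: some reachable host on the remote network

# Parse the active IPv4 route table and return the entry for one destination/mask,
# or $null if no such route exists.
function Get-ActiveRoute {
    param([string]$Destination, [string]$Netmask)
    $pattern = '^\s*{0}\s+{1}\s+(\S+)\s+(\S+)\s+(\d+)' -f `
        [regex]::Escape($Destination), [regex]::Escape($Netmask)
    foreach ($line in (route print -4)) {
        if ($line -match $pattern) {
            return New-Object PSObject -Property @{
                Gateway   = $matches[1]
                Interface = $matches[2]
                Metric    = [int]$matches[3]
            }
        }
    }
    return $null
}

# 1. Remove a wrong route (e.g. one pointing at .254 or an old VPN box) before adding ours.
$route = Get-ActiveRoute -Destination $dest -Netmask $mask
if ($route -and $route.Gateway -ne $nextHop) {
    Write-Warning "Existing route for $dest/$mask points at $($route.Gateway), not $nextHop; removing it."
    route delete $dest mask $mask | Out-Null
    $route = $null
}

# 2. Add the route persistently (-p stores it in the registry so it survives reboots).
if (-not $route) {
    route -p add $dest mask $mask $nextHop | Out-Null
    $route = Get-ActiveRoute -Destination $dest -Netmask $mask
}
if (-not $route -or $route.Gateway -ne $nextHop) {
    throw "Route to $dest/$mask via $nextHop was not installed."
}
"Route active: $dest/$mask via $($route.Gateway) on interface $($route.Interface) (metric $($route.Metric))"

# 3. Verify the data path: the first hop towards the remote network must be the VPN device.
$hopLine = tracert -d -h 1 -w 500 $probeHost | Select-String -Pattern '^\s*1\s+' | Select-Object -First 1
if ($hopLine) {
    $firstHop = ($hopLine.Line -split '\s+')[-1]
    if ($firstHop -eq $nextHop) {
        "OK: first hop to $probeHost is the VPN device ($firstHop)"
    } else {
        Write-Warning "First hop to $probeHost is '$firstHop', expected $nextHop (timeouts show as 'out.')"
    }
} else {
    Write-Warning "tracert produced no first-hop line; check that $probeHost is a valid address."
}
```

A host route like this only steers packets that leave that particular machine. On the TMG server, client traffic still has to match a network rule and an access rule before TMG forwards it, which is why the thread's "dropped as spoofed" symptom and pwindell's point about where the VPN device plugs in are separate from the route itself.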
 
LVL 70

Expert Comment

by:Qlemo
ID: 34914246
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.