<div>
The VPN can't do squat until you create the proper Access Rules on both TMGs.
</div>


The VPN can't do squat until you create the proper Access Rules on both TMGs.

<div>
The LAN Routing also has to be correct so that Machines on each LAN know what path to take to cross the VPN.
</div>


The LAN Routing also has to be correct so that Machines on each LAN know what path to take to cross the VPN.

<div>
I've tried setting static routes on client machines with the TMG box as the gateway, when doing a tracert it connects to the TMG box on the first step, but then fails from there.
</div>


I've tried setting static routes on client machines with the TMG box as the gateway, when doing a tracert it connects to the TMG box on the first step, but then fails from there.

<div>
Set a static route on the TMG server and the problem was solved. Thanks!
</div>


Set a static route on the TMG server and the problem was solved. Thanks!

<div>
<div class="content wysiwyg-content">
I've configured a site to site VPN between two TMG servers; however, I can only ping a machine on the remote site when logged on to the TMG server. I can't ping it from any other machine in the network, any idea how I can sort this out? The TMG server is the default gateway.
</div>
</div>


I've configured a site to site VPN between two TMG servers; however, I can only ping a machine on the remote site when logged on to the TMG server. I can't ping it from any other machine in the network, any idea how I can sort this out? The TMG server is the default gateway.

TMG Site-to-Site only works on TMG Server

Microsoft Forefront, formerly known as Internet Security and Acceleration Server (ISA Server), is a network router, firewall, antivirus program, VPN server and web cache that runs on Windows servers. It includes identity management and protection systems, and discontinued systems for threat management and network protection, along with protection for Sharepoint and Exchange. The scope of discussions includes forward and reverse proxy, application and service publishing, virtual private networks (VPNs), outbound access rules, SSL certificates and network routing within either a single node or an highly-available array pairing.