?
Solved

TMG Site-to-Site only works on TMG Server

Posted on 2011-10-18
6
Medium Priority
?
626 Views
Last Modified: 2012-05-12
I've configured a site to site VPN between two TMG servers; however, I can only ping a machine on the remote site when logged on to the TMG server. I can't ping it from any other machine in the network, any idea how I can sort this out? The TMG server is the default gateway.
0
Comment
Question by:AlwaysAStudent
  • 4
  • 2
6 Comments
 
LVL 29

Expert Comment

by:pwindell
ID: 36987998
The VPN can't do squat until you create the proper Access Rules on both TMGs.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 36988016
The LAN Routing also has to be correct so that Machines on each LAN know what path to take to cross the VPN.
0
 
LVL 1

Author Comment

by:AlwaysAStudent
ID: 36991759
I've tried setting static routes on client machines with the TMG box as the gateway, when doing a tracert it connects to the TMG box on the first step, but then fails from there.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 29

Accepted Solution

by:
pwindell earned 2000 total points
ID: 36993255
On single subnet LANs the TMG should already be the Default Gateway,...and that takes care of it.

On multi-Segment LANs the LAN Router is (should be, better be) the Default Gateway of all segments.  IT would then most likely have the TMG as its Default Gateway and that will take care of it,...otherwise Static routes would be used on the LAN Router and that would take care of it.

Client workstations should never be making routing decisions and hence should never have static routes on them.  That is just simply indicative of a bad network design.

But Routes aren't the only thing I mentioned.
0
 
LVL 1

Author Closing Comment

by:AlwaysAStudent
ID: 36998240
Set a static route on the TMG server and the problem was solved. Thanks!
0
 
LVL 29

Expert Comment

by:pwindell
ID: 37000055
OK,..very good.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …
There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Screencast - Getting to Know the Pipeline
Suggested Courses

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question