Solved

RV042 behind Forefront TMG 2010

Posted on 2012-03-21
Last Modified: 2012-03-30
Currently I have a scenario where I have set up an RV042 which is connected to Microsoft Forefront TMG 2010. PPTP works fine from the remote site, but only on the RV042 subnet; I am not able to access the "internal" network of TMG.

 

RV042 (172.16.1.1) ---> TMG [external] (172.16.1.2) ---> TMG [internal] (192.168.1.1)

 

Is there any way, through a static route, to access the TMG internal network through the RV042 PPTP server?
Question by:ibrahim52
4 Comments
 
LVL 26

Expert Comment

by:Fred Marshall
ID: 37750269
Well, let's see:
packets come out of the tunnel destined for the 176.16.1.0 /24 subnet.
That's how things work.
So, there's no way to traverse the TMG, or any other device, because there's no place for a follow-on destination subnet address.
I've tried this with an RV042 where the next hop on the subnet was another VPN device going to a 3rd site. The problem is that there's no way to have the next remote subnet in the destination. Only the VPN device can be a destination.

In this case maybe you could use port addressing.
That is, destination would be 172.16.1.2:222
And, port 222 would be translated in the TMG to go to a specific IP address and perhaps port like 192.168.1.1:80.  I've not tried doing this.
 
LVL 12

Author Comment

by:ibrahim52
ID: 37751082
But when I searched the internet, most of the results say that STATIC ROUTING could work, but unfortunately no one has tried it, plus I don't have multiple boxes to give it a try by creating an IPSEC tunnel, where I could add two remote subnets (172 & 192). Still, I'll wait for some more experts' comments over here and meanwhile give it a try with static routing.
 
LVL 12

Accepted Solution

by: ibrahim52 (earned 0 total points)
ID: 37762913
Well, after waiting for experts' views for so long, I took help from one of my seniors, where I had to make changes in the NETWORK RULES of TMG by creating Internal to External & External to Internal rules for 5 PPTP IP addresses, and it started working. This is how it helped.

Common troubleshooting steps:

1. Check the IP address of TMG, whether it is pinging through the RV042 firmware.
2. If it is not pinging, then create a policy to allow PING into the internal network.
3. Do the STATIC ROUTING in the RV042 by keeping the IP address as the TMG internal IP & the gateway as the TMG WAN static IP.
4. Ping to confirm that you have access through the router to TMG, using the PING utility of the RV042.
5. Once you are able to PING, enable PPTP, connect from the remote side, and PING the WAN static IP of TMG and any of the INTERNAL IPs of the TMG network.
6. If you are not able to ping the TMG internal network by just STATIC ROUTING from the RV042,
7. then you need to create two rules under NETWORK RULES of FOREFRONT (check this option in the FOREFRONT management window). First you need to create a range of PPTP IP addresses in the SUBNET category of TMG and use this range of IP addresses in the rules we are going to create.
8. Create SOURCE (PPTP IP ADDRESS RANGE) to INTERNAL and INTERNAL to (PPTP IP ADDRESS RANGE).
9. That's it. I am sure you will be able to ping it from the remote side and likewise access the resources of the TMG network.

Please, if anyone has any doubts, post them here. I'll be really glad to help. Thank you.
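The accepted solution above amounts to two separate requirements: the RV042 must have a route for the TMG internal prefix pointing at the TMG WAN address (step 3), and TMG must have a network rule in each direction between the PPTP address range and the Internal network (steps 7 and 8), because a missing rule in either direction drops one leg of the conversation. The following Python script is an added example, not code from the thread, from Cisco or from Microsoft: it models the RV042 routing decision (longest-prefix match) and TMG's network rules as a simple directional policy check, and walks a PPTP client to internal host conversation through the four combinations the steps describe. The addresses 172.16.1.1, 172.16.1.2 and 192.168.1.0/24 come from the question's diagram; the ISP gateway, the five-address PPTP pool, the client and server addresses are assumed model values, and TMG's default rules and access rules are deliberately left out of the model.

```python
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, NamedTuple, Optional, Tuple

# --- constructed topology, taken from the thread's diagram (model values) ---
RV042_LAN = ip_network("172.16.1.0/24")        # RV042 LAN / TMG external segment
TMG_WAN = ip_address("172.16.1.2")             # TMG external interface
TMG_INTERNAL = ip_network("192.168.1.0/24")    # TMG internal network
ISP_GATEWAY = ip_address("203.0.113.1")        # assumed RV042 upstream (documentation range)
# assumed PPTP pool handed out by the RV042: five addresses inside its LAN
PPTP_POOL = [ip_network(f"172.16.1.{i}/32") for i in range(200, 205)]


class Route(NamedTuple):
    prefix: IPv4Network
    via: Optional[IPv4Address]   # None means directly connected


class NetRule(NamedTuple):
    """Simplified TMG network rule: source ranges -> destination ranges, one direction."""
    name: str
    src: List[IPv4Network]
    dst: List[IPv4Network]


def longest_match(routes: List[Route], dst: IPv4Address) -> Optional[Route]:
    """Classic longest-prefix-match lookup, as a router would do it."""
    candidates = [r for r in routes if dst in r.prefix]
    return max(candidates, key=lambda r: r.prefix.prefixlen, default=None)


def matching_rule(rules: List[NetRule], src: IPv4Address, dst: IPv4Address) -> Optional[NetRule]:
    for r in rules:
        if any(src in n for n in r.src) and any(dst in n for n in r.dst):
            return r
    return None


def trace(src: IPv4Address, dst: IPv4Address,
          rv042_routes: List[Route], tmg_rules: List[NetRule]) -> Tuple[bool, List[str]]:
    """Walk both legs of a PPTP client -> internal host conversation.
    Returns (reachable, explanation steps)."""
    steps: List[str] = []
    route = longest_match(rv042_routes, dst)
    if route is None:
        return False, ["RV042: no route for destination, dropped"]
    if route.via is None:
        steps.append(f"RV042: {dst} is on the connected subnet {route.prefix}, delivered locally")
        return True, steps
    if route.via != TMG_WAN:
        steps.append(f"RV042: {dst} matches {route.prefix} via {route.via}, never reaches TMG")
        return False, steps
    steps.append(f"RV042: {dst} matches static route {route.prefix} via {route.via}")
    fwd = matching_rule(tmg_rules, src, dst)
    if fwd is None:
        steps.append(f"TMG: no network rule {src} -> {dst}, request dropped")
        return False, steps
    steps.append(f"TMG: request allowed by rule '{fwd.name}'")
    # Return leg: the internal host answers, so TMG needs Internal -> PPTP range as well
    back = matching_rule(tmg_rules, dst, src)
    if back is None:
        steps.append(f"TMG: no network rule {dst} -> {src}, reply dropped")
        return False, steps
    steps.append(f"TMG: reply allowed by rule '{back.name}'")
    return True, steps


RV042_ROUTES_BASE = [Route(RV042_LAN, None), Route(ip_network("0.0.0.0/0"), ISP_GATEWAY)]
STATIC_TO_TMG = Route(TMG_INTERNAL, TMG_WAN)            # step 3 of the thread
PPTP_RULES = [                                            # steps 7 and 8 of the thread
    NetRule("PPTP range to Internal", PPTP_POOL, [TMG_INTERNAL]),
    NetRule("Internal to PPTP range", [TMG_INTERNAL], PPTP_POOL),
]


def scenario(static_route: Optional[Route], rules: List[NetRule]) -> Tuple[bool, List[str]]:
    client = ip_address("172.16.1.201")   # assumed PPTP client address from the pool
    server = ip_address("192.168.1.10")   # assumed host behind TMG
    routes = RV042_ROUTES_BASE + ([static_route] if static_route else [])
    return trace(client, server, routes, rules)


if __name__ == "__main__":
    cases = [
        ("no static route", None, []),
        ("static route only", STATIC_TO_TMG, []),
        ("static route + forward rule only", STATIC_TO_TMG, PPTP_RULES[:1]),
        ("static route + both network rules", STATIC_TO_TMG, PPTP_RULES),
    ]
    for label, sr, rules in cases:
        ok, steps = scenario(sr, rules)
        print(f"[{label}] reachable={ok}")
        for s in steps:
            print("   ", s)
```

Running it shows the ordering of the checklist: without the static route the RV042 sends 192.168.1.x out its default route and TMG never sees it; with the route but no network rules TMG drops the request; with only the forward rule the reply is dropped; only the full configuration of steps 3, 7 and 8 passes both legs.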
 
LVL 12

Author Closing Comment

by:ibrahim52
ID: 37786120
After waiting for so long for experts to put their views, thankfully it got solved, and I am sharing the same for other people who are facing a similar issue like I did.
