
Status: Solved
RV042 behind Forefront TMG 2010

Currently I have a scenario where I have set up an RV042 which is connected to Microsoft Forefront TMG 2010. PPTP works fine from the remote site, but only on the RV042 subnet; I am not able to access the "internal" network of the TMG.

RV042 (172.16.1.1) ---> TMG [external] (172.16.1.2) ---> TMG [internal] (192.168.1.1)

Is there any way, through a static route, to access the TMG internal network through the RV042 PPTP server?
Asked by: ibrahim52
1 Solution
 
Fred Marshall (Principal) commented:
Well, let's see:
Packets come out of the tunnel destined for the 176.16.1.0/24 subnet.
That's how things work.
So, there's no way to traverse the TMG, or any other device, because there's no place for a follow-on destination subnet address.
I've tried this with an RV042 where the next hop on the subnet was another VPN device going to a third site. The problem is that there's no way to have the next remote subnet in the destination. Only the VPN device can be a destination.

In this case maybe you could use port addressing.
That is, the destination would be 172.16.1.2:222.
And port 222 would be translated in the TMG to go to a specific IP address and perhaps port, like 192.168.1.1:80. I've not tried doing this.
 
ibrahim52 (Team Leader, Author) commented:
But when I searched the internet, most of the results say that STATIC ROUTING could work, but unfortunately no one has tried it, plus I don't have multiple boxes to give it a try by creating an IPSec tunnel where I could add two remote subnets (172 & 192). Still, I'll wait for some more experts' comments over here and meanwhile give it a try with static routing.
 
ibrahim52 (Team Leader, Author) commented:
Well, after expecting experts' views for so long, I took help from one of my seniors, where I had to make changes in the NETWORK RULES of the TMG by creating Internal to External & External to Internal rules for 5 PPTP IP addresses, and it started working. This is how it helped.

Common troubleshooting steps:

1. Check whether the IP address of the TMG is pinging through the RV042 firmware.
2. If it is not pinging, then create a policy to allow PING into the internal network.
3. Do the STATIC ROUTING in the RV042, keeping the IP address as the TMG internal IP and the gateway as the TMG WAN static IP.
4. Ping to confirm that you have access through the router to the TMG, using the PING utility of the RV042.
5. Once you are able to PING, enable PPTP, connect from the remote side, and PING the WAN static IP of the TMG and any of the INTERNAL IPs of the TMG network.
6. If you are not able to ping the TMG internal network with just STATIC ROUTING from the RV042,
7. then you need to create two rules under NETWORK RULES of FOREFRONT (check this option in the FOREFRONT management window). First you need to create a range of PPTP IP addresses in the SUBNET category of the TMG and use this range of IP addresses in the rules we are going to create.
8. Create SOURCE (PPTP IP ADDRESS RANGE) to INTERNAL and INTERNAL to (PPTP IP ADDRESS RANGE).
9. That's it; I am sure you will be able to ping it from the remote side and access the resources of the TMG network.

Please, if anyone has any doubts, post them here. I'll be really glad to help. Thank you.
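The procedure above combines two separate requirements: a static route on the RV042 so that packets for 192.168.1.0/24 are forwarded to the TMG's external address (step 3), and a pair of directional TMG network rules between the PPTP client range and the Internal network (steps 7 and 8). The following Python model, added here as an illustration and not code from the thread or from Cisco or Microsoft, traces a packet through both hops so a defender can see which of the two pieces is missing when PPTP clients still cannot reach the internal network. The addresses come from the question's diagram; the PPTP client range (172.16.1.200 to 172.16.1.204) is an assumed example, since the thread does not state the real one.

```python
import ipaddress

# Addresses from the thread's diagram: RV042 LAN, TMG external and TMG internal.
RV042_LAN = ipaddress.ip_network("172.16.1.0/24")
TMG_EXTERNAL = ipaddress.ip_address("172.16.1.2")
TMG_INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

# Assumed PPTP client pool (five addresses on the RV042 LAN); constructed for this example.
PPTP_RANGE = (ipaddress.ip_address("172.16.1.200"), ipaddress.ip_address("172.16.1.204"))


def in_range(addr, rng):
    """True if addr lies inside an inclusive (first, last) address range."""
    return rng[0] <= addr <= rng[1]


def lookup_route(routes, dst):
    """Longest-prefix match over a list of (network, next_hop) entries."""
    best = None
    for net, next_hop in routes:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def rv042_routes(with_static_route):
    """RV042 routing table, optionally including the static route from step 3."""
    routes = [(RV042_LAN, "directly connected"), (DEFAULT, "ISP default gateway")]
    if with_static_route:
        # Destination: TMG internal subnet, gateway: TMG WAN (external) static IP.
        routes.append((TMG_INTERNAL_NET, TMG_EXTERNAL))
    return routes


def member(network_name, addr):
    """Membership test for the two TMG network objects used in the rules."""
    if network_name == "Internal":
        return addr in TMG_INTERNAL_NET
    if network_name == "PPTP":
        return in_range(addr, PPTP_RANGE)
    raise ValueError(f"unknown TMG network object: {network_name}")


def tmg_rule_matches(rules, src, dst):
    """TMG network rules are directional: a (source, destination) pair per direction."""
    return any(member(s, src) and member(d, dst) for s, d in rules)


def trace(src, dst, with_static_route, network_rules):
    """Follow one packet from a PPTP client toward Internal, or the reverse, and report the outcome."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if in_range(src, PPTP_RANGE):
        # A PPTP client's packet is forwarded by the RV042 first.
        next_hop = lookup_route(rv042_routes(with_static_route), dst)
        if next_hop != TMG_EXTERNAL:
            return f"lost: RV042 forwards to '{next_hop}', not to the TMG"
        if not tmg_rule_matches(network_rules, src, dst):
            return "dropped: no TMG network rule PPTP -> Internal"
        return "delivered to TMG internal network"
    if src in TMG_INTERNAL_NET:
        # Reply traffic leaves via the TMG; it needs the Internal -> PPTP rule.
        if not tmg_rule_matches(network_rules, src, dst):
            return "dropped: no TMG network rule Internal -> PPTP"
        # The TMG external interface is on 172.16.1.0/24, so the reply is on-link to the RV042 LAN.
        return "delivered to PPTP client via RV042 LAN"
    return "not modelled"


if __name__ == "__main__":
    both_rules = [("PPTP", "Internal"), ("Internal", "PPTP")]
    print(trace("172.16.1.201", "192.168.1.50", False, both_rules))   # no static route
    print(trace("172.16.1.201", "192.168.1.50", True, []))            # route, no rules
    print(trace("172.16.1.201", "192.168.1.50", True, both_rules))    # both pieces present
    print(trace("192.168.1.50", "172.16.1.201", True, [("PPTP", "Internal")]))  # reverse rule missing
```

Running the script shows the three failure modes in order: without the static route the RV042 sends internal-subnet traffic to its default gateway, with the route but no network rule the TMG drops it, and with only one of the two rules the reply direction is blocked.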
 
ibrahim52 (Team Leader, Author) commented:
After waiting for experts to put forward their views for so long, thankfully it got solved, and I am sharing the same for other people who are facing a similar issue like I did.
