Solved

RV042 behind Forefront TMG 2010

Posted on 2012-03-21
Last Modified: 2012-03-30
Currently I have a scenario where I have set up an RV042 which is connected to Microsoft Forefront 2010. PPTP works fine from the remote site only on the RV042 subnet, but I am not able to access the "internal" network of TMG.

 

RV042 (172.16.1.1) ---> TMG [external] (172.16.1.2) ---> TMG [internal] (192.168.1.1)

 

Is there any way, through a static route, to access the TMG internal network through the RV042 PPTP server?
Question by:ibrahim52
 
LVL 25

Expert Comment

by:Fred Marshall
ID: 37750269
Well, let's see:
packets come out of the tunnel destined for the 176.16.1.0 /24 subnet.
That's how things work.
So, there's no way to traverse the TMG, or any other device, because there's no place for a follow-on destination subnet address.
I've tried this with an RV042 where the next hop on the subnet was another VPN device going to a 3rd site.  The problem is that there's no way to have the next remote subnet in the destination.  Only the VPN device can be a destination.

In this case maybe you could use port addressing.
That is, destination would be 172.16.1.2:222
And, port 222 would be translated in the TMG to go to a specific IP address and perhaps port like 192.168.1.1:80.  I've not tried doing this.
0
 
LVL 12

Author Comment

by:ibrahim52
ID: 37751082
But when I searched the internet, most of the results say that STATIC ROUTING could work, but unfortunately no one has tried it, plus I don't have multiple boxes to give it a try by creating an IPSEC tunnel, where I could add two remote subnets (172 & 192). Still, I'll wait for some more experts' comments over here and meanwhile give it a try with static routing.
0
 
LVL 12

Accepted Solution

by:
ibrahim52 earned 0 total points
ID: 37762913
Well, after waiting for experts' views for so long, I took help from one of my seniors, where I had to make changes in NETWORK RULES of TMG by creating Internal to External & External to Internal rules for 5 PPTP IP addresses, and it started working. This is how it helped.

Common troubleshooting steps:

1. Check whether the IP address of TMG is pinging through the RV042 firmware.
2. If it is not pinging, then create a policy to allow PING into the internal network.
3. Do the STATIC ROUTING in the RV042, keeping the IP address as the TMG internal IP and the gateway as the TMG WAN static IP.
4. Ping to confirm that you have access through the router to TMG, using the PING utility of the RV042.
5. Once you are able to PING, enable PPTP, connect from the remote side, and PING the WAN static IP of TMG and any of the INTERNAL IPs of the TMG network.
6. If you are not able to ping the TMG internal network by just STATIC ROUTING from the RV042,
7. then you need to create two rules under NETWORK RULES of FOREFRONT (check this option in the FOREFRONT management window). First you need to create a range of PPTP IP addresses in the SUBNET category of TMG and use this range of IP addresses in the rules we are going to create.
8. Create SOURCE (PPTP IP ADDRESS RANGE) to INTERNAL and INTERNAL to (PPTP IP ADDRESS RANGE).
9. That's it. I am sure you will be able to ping it from the remote side and also access the resources of the TMG network.

Please, if anyone has any doubts, post them here. I'll be really glad to help. Thank you.
0
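The fault-isolation order in the accepted answer (RV042 static route first, then TMG network rules in each direction) can be modelled offline. This is an added example, not part of the original post; the /24 masks, the PPTP client range 172.16.1.200-204 and the host 192.168.1.10 are assumptions made for illustration.

```python
import ipaddress as ip

# Constructed model of the thread's topology. The /24 masks, the PPTP client
# range (172.16.1.200-204) and the server 192.168.1.10 are assumptions.
TMG_EXTERNAL = ip.ip_address("172.16.1.2")
INTERNAL = [ip.ip_network("192.168.1.0/24")]
PPTP_RANGE = list(ip.summarize_address_range(
    ip.ip_address("172.16.1.200"), ip.ip_address("172.16.1.204")))

RV042_DEFAULT_ROUTES = [
    (ip.ip_network("172.16.1.0/24"), "on-link"),
    (ip.ip_network("0.0.0.0/0"), "wan"),
]
STATIC_ROUTE = (ip.ip_network("192.168.1.0/24"), TMG_EXTERNAL)  # step 3
TMG_RULES = [(PPTP_RANGE, INTERNAL), (INTERNAL, PPTP_RANGE)]     # step 8

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs."""
    hits = [(net, gw) for net, gw in routes if dst in net]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

def in_any(addr, nets):
    return any(addr in n for n in nets)

def allowed(rules, src, dst):
    """True if some (source networks, destination networks) rule covers the flow."""
    return any(in_any(src, s) and in_any(dst, d) for s, d in rules)

def diagnose(client, server, routes, rules):
    """Return the first point at which a PPTP client's traffic would be lost."""
    client, server = ip.ip_address(client), ip.ip_address(server)
    if next_hop(routes, server) != TMG_EXTERNAL:
        return "RV042: no static route to the internal network via TMG"
    if not allowed(rules, client, server):
        return "TMG: no network rule from PPTP range to Internal"
    if not allowed(rules, server, client):
        return "TMG: no network rule from Internal to PPTP range"
    return "reachable"

if __name__ == "__main__":
    routes = RV042_DEFAULT_ROUTES
    print(diagnose("172.16.1.201", "192.168.1.10", routes, []))
    routes = routes + [STATIC_ROUTE]
    print(diagnose("172.16.1.201", "192.168.1.10", routes, TMG_RULES[:1]))
    print(diagnose("172.16.1.201", "192.168.1.10", routes, TMG_RULES))
```

Because the rules are scoped to the PPTP range only, an address on the RV042 subnet outside that range is still reported as blocked at TMG.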
 
LVL 12

Author Closing Comment

by:ibrahim52
ID: 37786120
After waiting so long for experts to share their views, thankfully it got solved, and I am sharing the same for other people who are facing a similar issue like I did.
0
