netrescue asked:
Forefront TMG cannot establish site to site VPN

I have two locations, each with Forefront TMG 2010 servers deployed.

Both locations have client access VPNs configured and working properly, where I can VPN in and do things like remote desktop to my servers, etc.

I have configured a site-to-site VPN as per my extensive knowledge working with ISA and being successful in the past; however, I cannot get the connection to work.

I have created the site-to-site network at both ends. Both servers have a user account with dial-in permissions locally on the TMG servers, matching the site-to-site network name on them. I see the connection in RRAS and it says unreachable.

I have a Peplink in front of one of the TMG servers at one location, but have created an inbound rule to forward all PPTP traffic to my TMG server (the site-to-site VPN is PPTP).

Any ideas what could be causing the issue?
Craig Beck replied:

You might need to also allow GRE traffic inbound towards the TMG server.

What is the error you receive on the TMG server when the VPN fails?
Can you run the logging on the TMG server you are trying to connect to and see what errors are occurring?

Is the Peplink doing the load balancing correctly so that the conversation is going up and down the same path, as this would cause some issues.
netrescue replied:

I can establish a PPTP client access VPN to both TMG servers individually from a laptop external to both locations.
I have allowed the PPTP and GRE protocols to the TMG server that is behind the Peplink.
When I try dialing the connection in RRAS manually from either server I get the following:
"An error occurred during connection of the interface. The connection was terminated by the remote computer before it could be completed."
The event viewer has the following messages:
Event ID 20221 - The user SYSTEM has started dialing a VPN connection....
Event ID 20222 - The user SYSTEM is trying to establish a link to the remote access server ... IP address x.x.x.x
Event ID 20223 - The user SYSTEM has successfully established a link to the remote access server...
Event ID 20224 - The link to the remote access server has been established by user SYSTEM
Event ID 20227 - The user SYSTEM dialed a connection named chag-freeport which has failed. The error code returned on failure is 628.

All of which happen consecutively, within a few seconds of dialling.

Any advice?
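Craig's suggestion to run the logging on the TMG server, and the RasClient event sequence posted above, can be pulled together with the following script. It is an added example, not code from this thread or from Microsoft; it assumes the demand-dial interface is named chag-freeport (as in the post) and that it runs on the TMG/RRAS server doing the dialing. It groups RasClient events by their CoId correlation GUID so each dial attempt shows up as one line with its event sequence and, for failures, the error code from event 20227.

```powershell
# Added example (not from the thread): group RasClient events from the Application log
# by correlation ID so each dial attempt of the demand-dial interface is one sequence.
# Assumed: interface name 'chag-freeport' (from the thread); run on the dialing TMG/RRAS server.
param(
    [string]$ConnectionName = 'chag-freeport',
    [int]$MaxEvents = 500
)

$filter = @{
    LogName      = 'Application'
    ProviderName = 'RasClient'
    Id           = 20221, 20222, 20223, 20224, 20225, 20226, 20227
}
$events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue

# Every RasClient message starts with "CoId={GUID}:"; events sharing a CoId belong to one attempt.
$attempts = @{}
foreach ($e in $events) {
    if ($e.Message -notmatch 'CoId=\{([0-9A-Fa-f-]+)\}') { continue }
    $coId = $Matches[1]
    if (-not $attempts.ContainsKey($coId)) { $attempts[$coId] = @() }
    $attempts[$coId] += $e
}

foreach ($coId in $attempts.Keys) {
    $seq = @($attempts[$coId] | Sort-Object TimeCreated)
    # Only report attempts that mention the interface we care about.
    if (-not ($seq | Where-Object { $_.Message -match [regex]::Escape($ConnectionName) })) { continue }

    $ids   = ($seq | ForEach-Object { $_.Id }) -join ' -> '
    $start = $seq[0].TimeCreated
    $end   = $seq[-1].TimeCreated
    $fail  = $seq | Where-Object { $_.Id -eq 20227 } | Select-Object -First 1

    $status = 'no failure event'
    if ($fail) {
        $code = 'unknown'
        # 20227 text: "... The error code returned on failure is <n>."
        if ($fail.Message -match 'error code returned on failure is (\d+)') { $code = $Matches[1] }
        $status = "FAILED error $code"
    }
    $elapsed = [int]($end - $start).TotalSeconds
    "{0}  {1,-20}  {2,3}s  {3}  [{4}]" -f $start, $status, $elapsed, $ids, $coId
}
```

A line reading "20221 -> 20222 -> 20223 -> 20224 -> 20227" with "FAILED error 628" a few seconds after the start time is the exact pattern described in the post above: the link comes up and is then dropped by the far end.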
netrescue replied:

I have implemented a workaround, since the assistance and whatever else I have tried have all not resolved the issue.