Avatar of netrescue
netrescue
Flag for Trinidad and Tobago asked on

Forefront TMG cannot establish site to site VPN

hello
i have two locations each with forefront TMG 2010 servers deployed

both locations have client access VPNs configured and working properly where i can VPN and do things like remote desktop to my servers etc

i have configured a site to site VPN as per my extensive knowledge working with ISA and being successful in the past, however i cannot get the connection to work.

i have created the site to site network at both ends. both servers have a user account with dial in permissions locally on the TMG servers matching the site to site network name on them. i see the connection in RRAS and it says unreachable.

i have a peplink in front of one of the TMG servers at one location, but have created an inbound rule to forward all PPTP traffic to my TMG server (the site to site VPN is PPTP).

any ideas what could be causing the issue?
OS SecuritySoftware FirewallsVPNMicrosoft Server OSMicrosoft Forefront ISA Server

Avatar of undefined
Last Comment
netrescue

8/22/2022 - Mon
Craig Beck

You might need to also allow GRE traffic inbound towards the TMG server.

What is the error you receive on the TMG server when the VPN fails?
Chris

can you run the logging on the TMg server you are trying to connect to and see what errors are occurring.

if the peplink doing the load balancing correctly so that the conversation is going up and down the same path as this would cause some issues.
netrescue

ASKER
guys,
i can establish a PPTP client access VPN to both TMG servers individually from a laptop external to both locations.
i have allowed PPTP and GRE protocols to the TMG server that is behind the peplink.
when i try dialing the connection in RRAS manually from either server i get the following:
an error occurred during connection of the interface. the connection was terminated by the remote computer before it could be completed.
the event viewer has the following messages:
event id 20221 - the user system has started dialing a VPN connection....
event id 20222 - the user system is trying to establish a link to the remote access server ... IP address x.x.x.x
event id 20223 - the user system has successfully established a link to the remote access server...
event id 20224 - the link to the remote access server has been established by user system
event id 20227 - The user SYSTEM dialed a connection named chag-freeport which has failed. The error code returned on failure is 628.

all of which happen within a few seconds of dialling consecutively.

any advice?
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
ASKER CERTIFIED SOLUTION
netrescue

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
netrescue

ASKER
i have implemented a workaround since the assistance and whatever i have tried all have not resolved the issue.