The scenario is that I have a server that is a member of a domain. It has TMG installed on it. I'm not trying to set up a site-to-site VPN between the main location and this server (for testing purposes). There is no domain controller local to the remote TMG server. The endpoints for the site-to-site VPN are both TMG RC.
Here are the issues I'm seeing:
1. The server gets stuck in an endless logical loop. It cannot apply the configuration with the site-to-site VPN tunnel because it can't contact the domain (event ID is 21257, the specified domain can't be contacted). Of course it can't be contacted: the site-to-site VPN tunnel isn't up. But you can't apply the configuration with the tunnel in it because it can't contact the domain. The logic here fails my comprehension.
2. Once I get an L2TP site-to-site tunnel up (I created a manual tunnel to apply the configuration with the site-to-site tunnel!), then from the TMG gateway I can ping anything behind the other TMG gateway. Great! BUT anything behind the TMG gateway cannot ping anything on the remote network. I have allowed all traffic between the two networks; I see it going out on one side and nothing on the other side.
Is this just flaky behavior in the "Release Candidate"? It seems like basic site-to-site VPN behavior is severely broken.
Rob