Cannot establish outbound VPN through TMG (PPTP, IPsec)
-
Tuesday, November 13, 2012 5:22 PM
Hi,
I have the problem that I cannot establish an outbound VPN through TMG. Here is the logging:

PPTP:
Initiated Connection
Log type: Firewall service
Status: The operation completed successfully.
Rule: [INTERN] - Sonstige Dienste
Source: Internal (10.10.14.192:58793)
Destination: External (mailsecure.emz.de 89.245.153.218:1723)
Protocol: PPTP

Denied Connection
Log type: Firewall service
Status: The policy rules do not allow the user request.
Rule: Default rule
Source: Internal (10.10.14.192)
Destination: External (mailsecure.emz.de 89.245.153.218)
Protocol: Unidentified IP Traffic (GRE:0)

IPsec:
Closed Connection
Log type: Firewall service
Status: A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.
Rule: [INTERN] - Sonstige Dienste
Source: Internal (10.10.14.192:4500)
Destination: External (213.217.115.205:4500)
Protocol: IPsec NAT-T Client

Closed Connection
Log type: Firewall service
Status: A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.
Rule: [INTERN] - Sonstige Dienste
Source: Internal (10.10.14.192:500)
Destination: External (213.217.115.205:500)
Protocol: IKE Client

Denied Connection
Log type: Firewall service
Status: An ingoing packet was dropped because its destination address does not exist on the system, and no appropriate forwarding interface exists.
Rule: None - see Result Code
Source: Internal (10.10.14.192:62355)
Destination: External (239.255.255.250:1900)
Protocol: Unidentified IP Traffic (UDP:1900)

I am using TMG 2010 SP2 on Windows Server 2008 R2 SP1. I installed the following updates/hotfixes:
- KB 980674 - VPN site-to-site connections may not work after enabling NLB.
- Rollup 2 for TMG 2010 SP2

Only the outbound VPN doesn't work; inbound VPN is no problem.
ISP Redundancy mode is: load balancing with failover capability.
failure code XP: 721
failure code Win7: 806
I really hope you can help me.
- Edited by Sebastian Baur Wednesday, November 14, 2012 10:02 AM
- Edited by Sebastian Baur Wednesday, November 14, 2012 10:45 AM
All Replies
-
Thursday, November 15, 2012 5:05 PM
What are you trying to do exactly? Site to site VPN? Or...
-
Friday, November 16, 2012 3:39 AM (Moderator)
Hi,
Thank you for the post.
Please make sure to set the client as SecureNAT and create an access rule to allow the protocols “IKE Client” & “IPSec NAT-T Client” from internal to external.
Regards,
Nick Gu - MSFT
- Proposed As Answer by Nick Gu - MSFT (Microsoft Contingent Staff, Moderator) Monday, November 19, 2012 1:40 AM
- Marked As Answer by Nick Gu - MSFT (Microsoft Contingent Staff, Moderator) Tuesday, November 20, 2012 9:19 AM
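
A triage sketch for logs like the one in the question, added here as an example and not code from the thread or from Microsoft: it parses entries laid out as `Field: value` lines and reports denied entries whose source/destination pair also had traffic passed by a rule. The sample entries are constructed from the question's log; the function names and the plain-text layout are assumptions.

```python
import re

# Constructed sample: three entries from the question's log, reduced to the fields used here.
SAMPLE_LOG = """\
Initiated Connection
Rule: [INTERN] - Sonstige Dienste
Source: Internal (10.10.14.192:58793)
Destination: External (mailsecure.emz.de 89.245.153.218:1723)
Protocol: PPTP

Denied Connection
Rule: Default rule
Source: Internal (10.10.14.192)
Destination: External (mailsecure.emz.de 89.245.153.218)
Protocol: Unidentified IP Traffic (GRE:0)

Denied Connection
Rule: None - see Result Code
Source: Internal (10.10.14.192:62355)
Destination: External (239.255.255.250:1900)
Protocol: Unidentified IP Traffic (UDP:1900)
"""
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse_entries(text):
    """Return one dict per entry; Source/Destination are reduced to the IP."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        entry = {"action": lines[0].strip()}   # e.g. "Denied Connection"
        for line in lines[1:]:
            key, _, value = line.partition(": ")
            entry[key.strip()] = value.strip()
        for side in ("Source", "Destination"):
            entry[side] = IP_RE.search(entry[side]).group()
        entries.append(entry)
    return entries

def partial_denies(entries):
    """Denied entries whose source/destination pair also had traffic passed."""
    passed = {}
    for e in entries:
        if not e["action"].startswith("Denied"):
            passed.setdefault((e["Source"], e["Destination"]), set()).add(e["Protocol"])
    findings = []
    for e in entries:
        pair = (e["Source"], e["Destination"])
        if e["action"].startswith("Denied") and pair in passed:
            findings.append((*pair, e["Protocol"], e["Rule"], sorted(passed[pair])))
    return findings
```

On the sample it reports the GRE deny by the Default rule next to the passed PPTP control connection to the same peer, and ignores the unrelated UDP 1900 multicast drop.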

