Site to Site VPN and Cisco Small business Routers


  • Thursday, August 30, 2012 6:39 AM
     
     

    I am trying to set up an IPsec site-to-site VPN between MS Forefront TMG 2010 and a Cisco SRP527W router

    I am running the latest firmware on the router

    I cannot get the 2 to connect. I have matched, as best as possible, the settings on the SRP527W to those in Forefront

    I can't see any logs to indicate why this is not working

    If anyone has any ideas?

     

    Below are the Settings From Forefront TMG:

    Local Tunnel Endpoint: External IP Router

    Remote Tunnel Endpoint: External IP TMG

     

    IKE Phase I Parameters:

        Mode: Main mode

        Encryption: 3DES

        Integrity: SHA1

        Diffie-Hellman group: Group 2 (1024 bit)

        Authentication Method: Pre-shared secret (ThisIsAPreSharedKey2012)

        Security Association Lifetime: 86400 seconds

     

    IKE Phase II Parameters:

        Mode: ESP tunnel mode

        Encryption: 3DES

        Integrity: SHA1

        Perfect Forward Secrecy: OFF

        Diffie-Hellman group: Group 2 (1024 bit)

        Time Rekeying: ON

        Security Association Lifetime: 28800 seconds

     

        Kbyte Rekeying: ON

        Rekey After Sending: 4608000 Kbytes

     

    Site-to-Site Network IP Subnets:

        Subnet: 10.10.10.0/255.255.255.0
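
Added example (not part of the original thread): a small Python comparer that parses a settings summary in the layout posted above and lists every Phase I / Phase II value that differs between the two peers. The router-side values and both secret placeholders are constructed for illustration; the SRP527W's real settings are not shown in the thread.

```python
import re

# TMG side: values from the post above, secret replaced by a placeholder.
TMG_SUMMARY = """\
IKE Phase I Parameters:
    Encryption: 3DES
    Integrity: SHA1
    Diffie-Hellman group: Group 2 (1024 bit)
    Authentication Method: Pre-shared secret (EXAMPLE-PLACEHOLDER)
    Security Association Lifetime: 86400 seconds
IKE Phase II Parameters:
    Encryption: 3DES
    Integrity: SHA1
    Perfect Forward Secrecy: OFF
    Security Association Lifetime: 28800 seconds
"""
# Router side: hypothetical values, constructed in the same layout.
ROUTER_SUMMARY = """\
IKE Phase I Parameters:
    Encryption: 3DES
    Integrity: MD5
    Diffie-Hellman group: Group 2 (1024 bit)
    Authentication Method: Pre-shared secret (OTHER-PLACEHOLDER)
    Security Association Lifetime: 28800 seconds
IKE Phase II Parameters:
    Encryption: 3DES
    Integrity: SHA1
    Perfect Forward Secrecy: ON
    Security Association Lifetime: 28800 seconds
"""

def parse_summary(text):
    """Return {(phase, setting): value}. The secret is masked, never compared."""
    settings, phase = {}, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        key, _, value = (part.strip() for part in line.partition(":"))
        if not value:                      # heading such as "IKE Phase I Parameters:"
            phase = key
        elif key.lower().startswith("authentication"):
            settings[(phase, key)] = re.sub(r"\s*\(.*\)$", " (masked)", value)
        else:
            settings[(phase, key)] = value
    return settings

def mismatches(local, remote):
    """Sorted list of (phase, setting, local_value, remote_value) that differ."""
    a, b = parse_summary(local), parse_summary(remote)
    return sorted((p, k, a.get((p, k)), b.get((p, k)))
                  for p, k in a.keys() | b.keys() if a.get((p, k)) != b.get((p, k)))
```

Calling `mismatches(TMG_SUMMARY, ROUTER_SUMMARY)` returns one tuple per differing setting; the pre-shared secret is masked during parsing, so it has to be verified separately on each device.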

All Replies

  • Friday, August 31, 2012 5:36 AM
     
     

    Just an update

    I have been reviewing the log files and I can't see that there is any connection being attempted to the TMG Server

  • Friday, August 31, 2012 6:06 AM
    Moderator
     
     

    Hi,

    Thank you for the post.

    Do you receive any error message from TMG live logging? If there is not any connection being attempted to the TMG Server, the traffic may be blocked by some device in front of TMG; please check if there is any router blocking the VPN traffic.

    Regards,


    Nick Gu - MSFT

  • Friday, August 31, 2012 6:46 AM
     
     

    There is no record in Live logging of a connection even being attempted

    The server is cloud based, and while we were assured that there were no firewall rules in place anymore, it seems there might be

    As such I don't have access to the router in the normal way

  • Monday, September 03, 2012 3:32 AM
    Moderator
     
     

    Hi,

    Thank you for the update.

    Since the traffic is not reaching the TMG server, you should contact the person who has the right to access the router and check if any traffic is blocked.

    Regards,


    Nick Gu - MSFT

  • Monday, September 10, 2012 2:40 AM
     
     

    Hi,

    I have an update: I have changed to a different internet connection and a different SRP527w modem

    Now the device is connecting to my TMG 2010 server

    I seem to get an IKE connection going or at least an attempt, but no further

    I am trying to get more out of the TMG logging but can't find anything yet

    The SRP527w is useless in terms of log files

    Any suggestions?

  • Tuesday, September 18, 2012 1:38 AM
     
     Answered
    Just an update to say it is working now
    • Marked As Answer by admiralw Tuesday, September 18, 2012 1:38 AM