Answered configure site to site VPN on secondary IP on TMG

  • Tuesday, May 29, 2012 7:23
     
     

    Hello,

    I'm wondering whether configuring an IPSec site-to-site VPN is applicable on TMG if I'm using a secondary IP as the endpoint connection on TMG?

    PS. I have implemented this scenario and it didn't work for me. I have 2 firewalls: one for PPTP connections, which is our main firewall, and the other one for IPSec connections for customers.

    We have decided to move our customers' connections to the main firewall, and I thought that by moving the internal and external IPs from the IPSec firewall and creating the same connections, it should work as a smooth migration without the need to inform the customers to change their configurations to point to another IP.

    But unfortunately no connection happened, and only the connections that connect directly to the primary IP were up.


    Best Regards

All replies

  • Tuesday, June 5, 2012 1:40
    Moderator
     
     

    Hi,

    Thank you for the post.

    With one NIC, TMG VPN requires all the IP addresses to be in the same subnet.
    In your scenario, you couldn't set up different IPs in different subnets. Please add another NIC for the site-to-site VPN.

    If there are more inquiries on this issue, please feel free to let us know.

    Regards


    Rick Tan

    TechNet Community Support

  • Tuesday, June 5, 2012 9:31
     
     

    But you have told me that I can't have different site-to-site VPNs on different IPs!

    All VPNs should be to one public IP; this is what I did.


    Best Regards

  • Thursday, June 7, 2012 3:19
    Moderator
     
     

    Hi,

    "All VPNs should be to one public IP; this is what I did."
    Please post your firewall/network topology with IP addresses. What do you mean by the primary IP and secondary IP being one public IP?

    When you moved your site-to-site VPN, did you run the Create VPN Site-to-Site Connection wizard on both sites?
    http://technet.microsoft.com/en-us/library/dd441072.aspx

    Please troubleshoot your VPN issue by following the articles below:
    http://technet.microsoft.com/en-us/library/dd441044.aspx 
    http://technet.microsoft.com/en-us/library/bb794765.aspx

    Regards


    Rick Tan

    TechNet Community Support

  • Thursday, June 7, 2012 11:01
     
     

    I meant that I have one external network and one internal network.

    On the external network I have 2 public IPs from the same subnet on the external network.

    Can I connect some of the customers on one IP as site-to-site VPN and other customers on the other IP as IPSec?


    Best Regards

  • Friday, June 15, 2012 2:35
     
     Answered

    I don't think you can achieve this, as only one S2S rule can be created and TMG cannot be configured to listen on both PPTP and IPSEC.

    Regards,

    James

  • Friday, June 15, 2012 12:55
     
     

    I thought the same as well. Anyway, we had to change the public IP :)

    Thanks