IPSec tunnel : HTTP traffic failed

    General discussion

  • Hi,

    I'm testing a TMG 2010 SP2 server, and set up an IPSec tunnel between it (network 192.168.88.0/24) and another distant site (single IP) using a Cisco. The tunnel works great, as I can access RDP or whatever.

    But I can't make any HTTP request to the distant server. Every time, it fails:

    Technical Information (for support personnel)
    • Error Code 10060: Connection timeout
    • Background: The gateway could not receive a timely response from the website you are trying to access. This might indicate that the network is congested, or that the website is experiencing technical difficulties.
    • Date: 14/03/2012 10:47:46 [GMT]
    • Server: MinasTirith.mydomain.lan
    • Source: Firewall

    I've tried diagnostic logging but it does not seem useful. The route seems OK, and the web proxy stops with:

    "Forefront TMG rejected the request with the HTTP status code 504 and will return the following error message to the Web client. "The connection timed out. (10060)""

    The access rule to my IPSec tunnel allows all outbound traffic.

    If I create a custom MyHTTP protocol, without the Web Proxy Filter, and change my access rule to allow all outbound traffic except HTTP (and then force using MyHTTP), I can successfully surf on the distant server.

    What causes this strange issue?

    Regards,


    Wednesday, March 14, 2012 11:16 AM

All replies

  • Using NM 3.4 I saw something interesting:

    Http: Response, HTTP/1.1, Status: Gateway timeout, URL: /Superviseur/ClientCentral/List

      Frame: Number = 2656, Captured Frame Length = 1514, MediaType = ETHERNET
    + Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[1C-6F-65-D4-FB-34],SourceAddress:[00-14-22-12-5A-BD]
    + Ipv4: Src = XX.XX.XX.XX, Dest = 192.168.88.60, Next Protocol = TCP, Packet ID = 18258, Total IP Length = 1500
    + Tcp: Flags=...A...., SrcPort=HTTP(80), DstPort=4053, PayloadLen=1460, Seq=556959385 - 556960845, Ack=4174278417, Win=253
    - Http: Response, HTTP/1.1, Status: Gateway timeout, URL: /Superviseur/ClientCentral/List
        ProtocolVersion: HTTP/1.1
        StatusCode: 504, Gateway timeout
        Reason: Proxy Timeout ( The connection timed out.  )
        Via:  1.1 MINASTIRITH
        Connection:  Keep-Alive
        ProxyConnection:  Keep-Alive
        Pragma:  no-cache
        Cache-Control:  no-cache
      + ContentType:  text/html
        ContentLength:  4225  
        HeaderEnd: CRLF
      + payload: HttpContentType =  text/html

    Wednesday, March 14, 2012 11:35 AM
  • Can I have any help with this?

    Regards,

    Monday, March 19, 2012 9:43 AM
  • I still have this strange issue.
    Monday, April 02, 2012 2:58 PM
  • I have the same issue. Trying to run SharePoint over an IPSec tunnel. I found this link, but don't wanna use this kind of solution.

    http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/thread/ffeee108-af9c-499f-9181-f59b06d00186#6887abab-0926-4598-aa88-2a968ab59a9b

    Jimmy Svensson. IT Konsult Göteborg Sverige. MCTS-Windows Server 2008 R2, Server Virtualization. MCTS SBS Server Configuration. MCTS Windows 7 Configuration.


    • Edited by vind-surfer Thursday, April 05, 2012 1:15 PM
    Thursday, April 05, 2012 1:02 PM