TMG cannot be accessed through its internal IP.

  • Question

  • Hi there! We have 2 ISA servers connected by IPsec Site-to-Site (ISA 2004 and TMG 2010). Settings are equal on both servers. All traffic is allowed everywhere. The ISA Server can't ping TMG using TMG's internal IP (TTL out), but clearly pings all hosts behind TMG. TMG clearly pings ISA on its internal and external IPs. What is the problem with TMG, that is the question!

    Thank you for help in advance!

    Monday, August 30, 2010 11:34 AM

All replies

  • Hi,

    Thank you for the post.

    Please recreate the site-to-site VPN and use ISA BPA to check the settings.

    Regards,

    Nick Gu - MSFT
    Friday, September 3, 2010 2:44 AM
    Moderator
  • Saturday, September 4, 2010 12:17 PM
  • Is it an IPsec tunnel?
    Saturday, September 4, 2010 4:17 PM
  • Hi Silkworm,

    We have some known issues with the IPsec policies that get created between the two, because of which ISA cannot ping TMG specifically. This does not affect client to client communication, which I guess you have already seen now. The investigation is still on; however, what I wanted to check is if this is preventing you from doing any specific task?

    Monday, September 13, 2010 5:04 AM
    Moderator
  • >Is it an IPsec tunnel?

    That's right.

    >This does not affect client to client communication

    Client communication is good! But I can't publish ports to the internal TMG IP for remote site clients - that is a task.

    Tuesday, September 14, 2010 11:50 AM
  • Hi Silkworm

    If you want to publish ports then why are we doing a VPN? Publishing is done when you do not have access to the network. If you have VPN and are already connected to the network then why is publishing needed? Maybe I am missing the bigger picture.

    Thanks
    Mohet

    Friday, September 17, 2010 6:47 PM
    Moderator
  • Hi Mohet!

    In general, you are right. But with port publishing, ISA can be a single entry point for internal clients. For example, my internal portal and several other services are published through ISA's internal IP. It is very comfortable for personnel, who don't need to remember IPs and names - only 1 IP for all. With TMG I can't use this scheme.

    Thanks!

    Sunday, September 19, 2010 6:05 PM
  • I understand the reason. We actually have the issue being worked up and investigated. I don't know the timeframe for the resolution though, but if you want you can open up a bug case with us to have your issue registered, and that way you can keep track of when the fix will be out.
    Monday, September 27, 2010 11:00 PM
    Moderator
  • Thank you, Mohet!

    Wednesday, September 29, 2010 10:51 AM