I'm testing a TMG 2010 SP2 server, and set up an IPSec tunnel between it (network 192.168.88.0/24) and another distant site (single IP) using a Cisco. The tunnel works great, as I can access RDP or whatever.
But, I can't do any HTTP request on the distant server. Every time, it fails:
Technical Information (for support personnel)
- Error Code 10060: Connection timeout
- Background: The gateway could not receive a timely response from the website you are trying to access. This might indicate that the network is congested, or that the website is experiencing technical difficulties.
- Date: 14/03/2012 10:47:46 [GMT]
- Server: MinasTirith.mydomain.lan
- Source: Firewall
I've tried diagnostic logging but it does not seem useful. The route seems ok, and the web proxy stops with:
"Forefront TMG rejected the request with the HTTP status code 504 and will return the following error message to the Web client. "The connection timed out. (10060)""
The access rule to my IPSec tunnel allows all outbound traffic.
If I create a custom MyHTTP Protocol, without Web Proxy Filter, and change my access rule to allow all outbound traffic except HTTP (and then force using MyHTTP), I can successfully surf on the distant server.
What causes this strange issue?
Using NM 3.4 I saw something interesting:
Http: Response, HTTP/1.1, Status: Gateway timeout, URL: /Superviseur/ClientCentral/List
Frame: Number = 2656, Captured Frame Length = 1514, MediaType = ETHERNET
+ Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[1C-6F-65-D4-FB-34],SourceAddress:[00-14-22-12-5A-BD]
+ Ipv4: Src = XX.XX.XX.XX, Dest = 192.168.88.60, Next Protocol = TCP, Packet ID = 18258, Total IP Length = 1500
+ Tcp: Flags=...A...., SrcPort=HTTP(80), DstPort=4053, PayloadLen=1460, Seq=556959385 - 556960845, Ack=4174278417, Win=253
- Http: Response, HTTP/1.1, Status: Gateway timeout, URL: /Superviseur/ClientCentral/List
StatusCode: 504, Gateway timeout
Reason: Proxy Timeout ( The connection timed out. )
Via: 1.1 MINASTIRITH
+ ContentType: text/html
+ payload: HttpContentType = text/html
I have the same issue. Trying to run SharePoint over an IPSec tunnel. I found this link, but don't wanna use this kind of solution.
Jimmy Svensson. IT Konsult Göteborg Sverige. MCTS-Windows Server 2008 R2, Server Virtualization. MCTS SBS Server Configuration. MCTS Windows 7 Configuration.
- Edited by vind-surfer Thursday, April 05, 2012 1:15 PM