Can't ping from DC1 behind TMG1 to DC2 behind TMG2 on a site-to-site VPN connection

Hi,

I have a weird problem. I have two TMG servers, one on each site, in a Hyper-V lab environment. I have been able to establish the site-to-site VPN successfully; however, when I ping from DC1 behind TMG1 (on site 1) to TMG2 and DC2, I am able to ping. The opposite doesn't work, though. After some trial and error, I figured out that the side initiating the demand-dial request is able to ping the other site, but not vice versa... very strange. I would like to know whether ICMP requests can be achieved bi-directionally.

Secondly, I am able to ping from TMG1 to all the clients sitting behind TMG2 (including the TMG host); however, the clients sitting behind TMG1 can't ping TMG2 nor any of the clients behind it. I tried every possible combination under the firewall policies, but completely in vain. Hell, I am starting to develop a very bad feeling about this product because it makes such simple tasks overly complex. I mean, if it were a Cisco or SonicWall, we could have done this so easily.

My final goal is to send LDAP requests from DC1 to DC2 and vice versa over a site-to-site VPN so that I can set up 2 different sites in AD on different subnets and then proceed with configuring DAG. But if this simple thing turns out to be such a major roadblock, dunno how I'm gonna pass DAG traffic over it.

Can someone PLEASE help me!! I am completely exhausted researching on this issue.

Regards,

Dman

January 27th, 2014 12:02am

FYI, both the TMG servers are domain joined.
January 27th, 2014 12:07am
