Forefront TMG cannot locate a route to the remote site. As a result, a connection cannot be established. To establish the IPsec site-to-site connection, you must update the routing table.

I'm setting up a site-to-site IPsec tunnel between Forefront TMG 2010 and Cisco ASA 5512-X. The tunnel initiates fine when there is interesting traffic coming from the ASA side. Once the tunnel is initiated, the traffic flows both ways.

I can't seem to be able to get the Forefront to initiate the tunnel. On server restart, the following message gets logged in the event log:

"Forefront TMG cannot locate a route to the remote site. As a result, a connection cannot be established. To establish the IPsec site-to-site connection, you must update the routing table."

What exactly do I need in the routing table for Forefront to be able to initiate the tunnel?

July 15th, 2013 7:38am

Hi,

Thank you for the post.

You should configure a route network relationship between the internal network and the remote network. Please refer to this blog: http://tmgblog.richardhicks.com/2011/01/25/configuring-site-to-site-vpn-with-forefront-tmg-and-cisco-pix-and-asa/

Regards,

July 17th, 2013 4:18am

Hi

I've managed to get this resolved. The problem was that I have the 10.1.0.0 range allocated to this site, but multiple subnets within it (10.1.13.0/24, 10.1.14.0/24, etc.). I thought I was being smart by just forwarding everything under 10.1.0.0/16 to the remote endpoint.

Changing the remote network settings and putting each remote subnet in separately seems to have resolved it.

Thanks

July 17th, 2013 9:23am
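A pre-check for the mismatch described in the last post, added here as an example and not part of the original thread: it compares the address ranges entered for the remote site on TMG with the networks the peer protects and flags a supernet that swallows several peer subnets. It assumes the ASA's crypto ACL lists the /24 subnets individually (the thread does not show the ASA configuration) and IPv4 only; the function names and sample data are constructed.

```python
from ipaddress import ip_address, ip_network, summarize_address_range


def ranges_to_networks(ranges):
    """Convert (start, end) address ranges, as entered for a TMG remote
    site network, into the CIDR blocks they cover."""
    nets = []
    for start, end in ranges:
        nets.extend(summarize_address_range(ip_address(start), ip_address(end)))
    return nets


def compare_selectors(tmg_ranges, peer_networks):
    """Return a list of (kind, network, related) findings; empty means the
    two sides describe exactly the same networks.

    kind is one of:
      supernet  - TMG entry covers several narrower peer entries
      narrower  - TMG entry sits inside a wider peer entry
      tmg_only  - TMG entry with no counterpart on the peer
      peer_only - peer entry that nothing on TMG covers
    """
    tmg = set(ranges_to_networks(tmg_ranges))
    peer = {ip_network(n) for n in peer_networks}
    findings = []
    for t in sorted(tmg - peer):
        inside = sorted(p for p in peer if p.subnet_of(t))
        wider = sorted(p for p in peer if t.subnet_of(p))
        if inside:
            findings.append(("supernet", str(t), [str(p) for p in inside]))
        elif wider:
            findings.append(("narrower", str(t), [str(p) for p in wider]))
        else:
            findings.append(("tmg_only", str(t), []))
    for p in sorted(peer - tmg):
        # Peer entries already reported under a TMG supernet are not repeated.
        if not any(p.subnet_of(t) or t.subnet_of(p) for t in tmg):
            findings.append(("peer_only", str(p), []))
    return findings


# Constructed sample data based on the subnets named in the thread.
PEER_ACL = ["10.1.13.0/24", "10.1.14.0/24"]            # assumed ASA side
TMG_BEFORE = [("10.1.0.0", "10.1.255.255")]            # single /16 range
TMG_AFTER = [("10.1.13.0", "10.1.13.255"),             # one entry per subnet
             ("10.1.14.0", "10.1.14.255")]

if __name__ == "__main__":
    print("before:", compare_selectors(TMG_BEFORE, PEER_ACL))
    print("after: ", compare_selectors(TMG_AFTER, PEER_ACL))
```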

This topic is archived. No further replies will be accepted.
