I have a TMG 2010 server that I have connected to a ISA 2006 server by site to site vpn. I can ping from TMG server to internal IP on ISA LAN. I can also ping from ISA server to internal IP on TMG LAN. I cannot ping or otherwise connect from TMG lan IP to ISA lan IP or vice versa. I don't see anything being blocked in the logging. What kind of routes need to be setup to make this work? I have tried everything I can think of, but I still can't make the connection. Any help would be appreciated.

Hi!

Wll, the VPN is up...
On the TMG you need to define a new network, wich contains the subnet of the remote (ISA) network, and them I guess you need to add a ROUTE Network rule, for the 2 networks.

Hi,

When you create site-to-site VPN, TMG would create a new network set named "VPN Client". You should confirm network rule between VPN client and internal is route.Also you should create an access rule between VPN client and internal.

Best Regards

Quan Gu