TMG 2010 Site to Site VPN IPSec not allowing HTTP traffic to traverse through VPN

My internal network is 192.168.192.0/22.  My TMG (2010 SP2) is 192.168.192.1.  I have created an IPsec VPN to Azure.  The network at Azure is 10.0.0.0/24.  I have a firewall rule that allows (Internal & Azure) <--> (Internal & Azure).

I created a virtual machine at 10.0.0.4 and one at 10.0.0.5 and turned on IIS on both.  From either Azure VM I can access the default IIS page on the other server.

The VPN is up and connected. From the internal network I can RDP and access file shares on either VM.  I joined the 10.0.0.4 VM to our internal domain.  From either Azure VM I can ping, RDP, HTTP, and access shares on the internal network.

I cannot HTTP from any internal machines to either of the Azure VMs.  After a minute I receive a timeout error.

TMG firewall logs shown below.  192.168.194.35 is a PC on the internal network. 108.63.8.18 is the public IP of the TMG server.

IIS logs on the Azure VMs never show any traffic getting to them.  Any ideas on why HTTP is not reaching the other side of the tunnel?

UPDATE:

I added a self-signed cert to the Azure VM at 10.0.0.4 and the client PC at 192.168.194.35 can access https://10.0.0.4.  Still no luck with HTTP though.

UPDATE:

Issue is resolved. For the record here is what I had to do:

1. Create a custom HTTP protocol (HTTP Azure) and ensure the web proxy filter was not bound.

2. Create a firewall access rule that allows the HTTP Azure protocol from the internal network to Azure.

3. Create a deny firewall access rule for the predefined HTTP protocol from internal to Azure (reason for this is explained in http://blogs.technet.com/b/isablog/archive/2006/09/25/why-do-i-need-a-deny-rule-to-make-an-allow-rule-for-a-custom-protocol-work-correctly.aspx).

After this I still had some issues with IE if the LAN Settings were set to Automatic (Internet Options > Connection > LAN Settings).

After this HTTP traffic bypassed the web proxy filter and was routed to servers in Azure instead of being NAT'ed by TMG.
  • Edited by KevinWalker Tuesday, January 14, 2014 2:19 AM Solved
January 13th, 2014 8:25pm

Hi,

Thank you for your sharing.

Best Regards

Quan Gu

January 15th, 2014 2:42am
