TMG Site to Site VPN

So I have a site to site VPN connected between a router and the TMG 2010 server

The problem I am having is that the traffic is not being routed by TMG

When it hits the TMG server it goes nowhere

From what I can tell all the right routing is in place for the server, TMG automatically created it when I set up the VPN

Any suggestion what could be blocking it?

I am running on Server 2008 R2 Enterprise

September 20th, 2012 5:22am

Please provide a detailed routing topology and identify the router device vendor.

September 20th, 2012 8:11am

Router device vendor is Cisco SRP527W, I can confirm that the VPN does connect

172.16.50.0 is the network on the VPN

The other end of the network is 192.168.15.0

Routing Table

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      58.162.84.1    58.162.84.152    261
       10.84.64.0    255.255.254.0         On-link      10.84.65.144    261
     10.84.65.144  255.255.255.255         On-link      10.84.65.144    261
     10.84.65.255  255.255.255.255         On-link      10.84.65.144    261
      Public IP.0    255.255.254.0         On-link     Public IP    261
    Public IP  255.255.255.255         On-link     Public IP    261
    Public IP.255  255.255.255.255         On-link     Public IP    261
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      172.16.50.0    255.255.255.0         On-link      172.16.50.10    261
     172.16.50.10  255.255.255.255         On-link      172.16.50.10    261
    172.16.50.255  255.255.255.255         On-link      172.16.50.10    261
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      10.84.65.144    261
        224.0.0.0        240.0.0.0         On-link     Public IP    261
        224.0.0.0        240.0.0.0         On-link      172.16.50.10    261
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      10.84.65.144    261
  255.255.255.255  255.255.255.255         On-link     Public IP    261
  255.255.255.255  255.255.255.255         On-link      172.16.50.10    261
===========================================================================


  • Edited by admiralw Thursday, September 20, 2012 5:32 AM additional info
  • Proposed as answer by ahmed tawfek 14 hours 48 minutes ago
September 20th, 2012 8:25am

Hi

It's very hard to guess the root cause here.

You should check the live logging to see how TMG handles the S2S traffic.

For S2S, you need to configure it carefully, or it won't work.

Follow the article below to configure it:

http://technet.microsoft.com/en-us/library/bb838949.aspx

Regards,

James

  • Proposed as answer by JamesYi Thursday, September 20, 2012 6:57 AM
  • Unproposed as answer by admiralw Thursday, September 20, 2012 10:34 PM
September 20th, 2012 9:57am

Here is a guide for configuring a site-to-site IPsec VPN between TMG and a Cisco endpoint: http://tmgblog.richardhicks.com/2011/01/25/configuring-site-to-site-vpn-with-forefront-tmg-and-cisco-pix-and-asa/
September 20th, 2012 7:22pm

I used a similar guide to set up the connection

As I said above the VPN is connected, both ends tell me as much

Just traffic does not flow from the TMG down the tunnel

Tracert:

C:\Users\admin>tracert 192.168.15.1

Tracing route to 192.168.15.1 over a maximum of 30 hops

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *     ^C

Pathping:

C:\Users\admin>pathping 192.168.15.1

Tracing route to 192.168.15.1 over a maximum of 30 hops

  0  u1631459000056.tmgtest.local [PUBLIC IP]
  1     *        *        *
Computing statistics for 0 seconds...
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           u1631459000056.tmgtest.local [PUBLIC IP]

Trace complete.

  • Edited by admiralw Thursday, September 20, 2012 10:38 PM more info
September 21st, 2012 1:34am

I have already read that article and all I can tell is that yes the VPN is connected

The problem is that traffic only seems to flow from the remote network to the TMG and not back

Best I can tell is that the TMG is not routing traffic back down the VPN

September 21st, 2012 1:36am

OK, a new update

The VPN is now working correctly, not sure what setting I had to change to get it to work now

But I am testing and I can copy files to and from the test environment now

Thanks for the help

September 21st, 2012 1:58am

Hello, sir
Please help me with a TMG problem.
I have two TMG servers (tmg1, tmg2) and set up a site-to-site VPN.
I can view from tmg1 all users in tmg2 and
I can view from tmg2 all users in tmg1 but
I can't view client tmg1 to client tmg2
Notes:
I make role NAT in router and TMG internal to tmg1 and make role NAT in router and tmg2
I need now to view and ping client tmg1 to client tmg2, please find a solution.
February 18th, 2014 4:06pm


This topic is archived. No further replies will be accepted.
