
1 TMG to 1 RRAS HQ-BO connectivity problem

1 TMG to 1 RRAS HQ-BO connectivity problem - 10.Jan.2010 8:15:41 AM   
Tom76

 

Hi!

I hope this posting is understandable.

We have the HQ with 172.25.x.x and Branch with 192.168.5.x.

There is an EBS 2008 with TMG running in the HQ and a Windows 2008R2 running in the branch without ISA, just RRAS.

I created the Site2Site PPTP VPN with the wizard on the TMG. I also created the Demand-Dial Interface on the branch server.

The clients and servers can ping each other well. But the RRAS can't access the HQ. This is a problem since the server is the only server in the branch and is an AD controller, RRAS server and DFS file-server.

What I found out so far is that the TMG wizard asks for the remote network's IP subnet. However, when the RRAS from the branch dials in, it gets an IP from the HQ DHCP server which is 172.25.x.x. Since the TMG only accepts 192.168.5.x as source from the HQ-BO connection, it gives out a spoofing alert and discards the packets. Turning the spoof detection off doesn't help, the server in the BO can't access any resources in the HQ.
I can't add the 172.25.x.x to the BO-subnets since one subnet can only be associated with one network object.

So the clients from the branch can access the HQ perfectly since they come in with a 192.168. address. Just the RRAS itself comes in with a 172.25. address since he is the one that dialed in and has a direct connection to the HQ. The TMG does not allow 172.25. to come from the Site2Site connection and discards the packet.

What can I do?

Thanks a lot for any help given.

Thomas
Post #: 1
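
The behaviour described in the post, as an added example that is not part of the original post and not TMG's own code: a simplified model of a per-network source-address check combined with the rule that an address range can belong to only one network object. The network names, the /16 and /24 prefix lengths and the host addresses are constructed assumptions standing in for the elided 172.25.x.x and 192.168.5.x values.

```python
import ipaddress

class NetworkTable:
    """Toy model: every address range belongs to exactly one named network."""

    def __init__(self):
        self.networks = {}  # network name -> list of ip_network ranges

    def add_range(self, name, cidr):
        new = ipaddress.ip_network(cidr)
        for owner, ranges in self.networks.items():
            if owner != name and any(new.overlaps(r) for r in ranges):
                raise ValueError(f"{cidr} is already part of network {owner}")
        self.networks.setdefault(name, []).append(new)

    def owner_of(self, addr):
        ip = ipaddress.ip_address(addr)
        for name, ranges in self.networks.items():
            if any(ip in r for r in ranges):
                return name
        return None

    def check_source(self, arrived_on, src):
        """A source is valid only if it belongs to the network it arrived from."""
        owner = self.owner_of(src)
        if owner == arrived_on:
            return "allow"
        return f"spoof: {src} belongs to {owner}, arrived via {arrived_on}"

def demo():
    table = NetworkTable()
    table.add_range("HQ-Internal", "172.25.0.0/16")   # assumed /16
    table.add_range("Branch-S2S", "192.168.5.0/24")   # assumed /24
    results = {
        # Branch client routed through the tunnel keeps its own address.
        "branch_client": table.check_source("Branch-S2S", "192.168.5.20"),
        # RRAS server itself sources traffic from its HQ-assigned tunnel address.
        "rras_server": table.check_source("Branch-S2S", "172.25.0.150"),
    }
    try:
        # Adding the HQ-assigned address to the branch network is refused.
        table.add_range("Branch-S2S", "172.25.0.150/32")
        results["add_overlap"] = "accepted"
    except ValueError as exc:
        results["add_overlap"] = f"rejected: {exc}"
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```
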
