• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

S2S with NLB Integration on TMG EE

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> S2S with NLB Integration on TMG EE Page: [1] 2   next >   >>
Login
Message << Older Topic   Newer Topic >>
S2S with NLB Integration on TMG EE - 30.Nov.2009 7:26:15 PM   
cheapshot2000

 

Posts: 9
Joined: 18.Mar.2008
Status: offline
All,
Has anyone been able to setup a site-to-site (S2S) along with network load balancing integration on TMG 2010 EE?
The S2S works fine on its own when NLB integration is disabled; and NLB itself works fine. However, as soon as I enable NLB integration the S2S continually stays in a disabled state in RRAS. Manually enabling it simply results in it being disabled within 15 seconds. If I setup NLB manually (not through TMG) the S2S stays enabled. It’s only when done through TMG.
This problem occurs even if I only have 1 server in the array.
Any ideas?
Thanks,
S
Post #: 1
RE: S2S with NLB Integration on TMG EE - 4.Dec.2009 8:17:45 AM   
cheapshot2000

 

Posts: 9
Joined: 18.Mar.2008
Status: offline
Anyone get NLB and S2S to work together? 

(in reply to cheapshot2000)
Post #: 2
RE: S2S with NLB Integration on TMG EE - 14.Dec.2009 7:01:37 PM   
cheapshot2000

 

Posts: 9
Joined: 18.Mar.2008
Status: offline
Just another ping to see if anyone has gotten NLB and S2S working together in unison...

(in reply to cheapshot2000)
Post #: 3
RE: S2S with NLB Integration on TMG EE - 16.Dec.2009 8:28:49 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Haven't tried out that scearnio yet, but I just put it on my list.

Thanks!

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to cheapshot2000)
Post #: 4
RE: S2S with NLB Integration on TMG EE - 18.Dec.2009 3:51:36 PM   
cheapshot2000

 

Posts: 9
Joined: 18.Mar.2008
Status: offline
Thanks Tom.  Anxious to hear your results.  If it helps, our setup for each site includes 2 TMG virtuals servers running on Windows Server 2008 R2 x64.  The virtuals are running on Hyper-V boxes are is also 2008 R2 x64. 

(in reply to cheapshot2000)
Post #: 5
RE: S2S with NLB Integration on TMG EE - 21.Dec.2009 8:47:47 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
OK, cool. Unicast or Multicast NLB?

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to cheapshot2000)
Post #: 6
RE: S2S with NLB Integration on TMG EE - 21.Dec.2009 9:17:54 AM   
cheapshot2000

 

Posts: 9
Joined: 18.Mar.2008
Status: offline
Multicast.  however, we can reproduce the problem with out actually setting up any NLB interfaces.  If we simply Enable NLB Integration, the S2S gets and stays disabled.  Also, we have tried setting up NLB first, then doing the S2S, and vice versa.  Any order of ops we do we seem to run into the same problem.

(in reply to tshinder)
Post #: 7
RE: S2S with NLB Integration on TMG EE - 22.Dec.2009 11:14:13 PM   
cheapshot2000

 

Posts: 9
Joined: 18.Mar.2008
Status: offline
Just an update on more testing we have tried.  Enabling the MAC spoofing on the HyperV guest settings makes no difference on the S2S.  We can however get NLB to work, without redunancy for the S2S by enabling/configuring NLB then disabling integration but leaving the settings.

Unfortunately we've had to start looking into other firewall solutions since we have this problem and also issues with TMG/ISA blocking the RPC traffic through a S2S to/from Exchange 2010 boxes.

(in reply to cheapshot2000)
Post #: 8
RE: S2S with NLB Integration on TMG EE - 25.Dec.2009 10:44:48 AM   
Flo79

 

Posts: 10
Joined: 16.Nov.2004
From: Austria
Status: offline
Hi,

anyone got a solution to this problem?

I have the same problem here, S2S connection between 1 ISA 2006 standard and 1 TMG EE with NLB enabled on all networks.

Really need a solution soon, any help would be great.

(in reply to cheapshot2000)
Post #: 9
RE: S2S with NLB Integration on TMG EE - 27.Dec.2009 1:29:32 PM   
robbosch

 

Posts: 75
Joined: 21.Sep.2004
From: Denver, CO
Status: offline
I'm also wondering if anyone has figured this out. I've found that VPN features with NLB seem broken in TMG. I can't get demand-dial connections to work and get the exact same issue with S2S connections (network interface always disabled in TMG RRAS).

(in reply to Flo79)
Post #: 10
RE: S2S with NLB Integration on TMG EE - 27.Dec.2009 7:59:37 PM   
robbosch

 

Posts: 75
Joined: 21.Sep.2004
From: Denver, CO
Status: offline
I've found that disabling the NLB on the internal side allows my demand-dial VPN connections to work but haven't tested the S2S. It appears, based on logging, that the way TMG handles inbound VPN across the array is by trying the connection across all members. then the one with the IP assigned to the inbound connection can fulfill it.

That doesn't appear to be true NLB. And NLB appears to break a lot of VPN funcitonality.

Disabling the NLB on the internal side (not external) seemed to resolve my issues.

FYI...and I'm sure there will be some clarification by someone more knowledgable.

(in reply to cheapshot2000)
Post #: 11
RE: S2S with NLB Integration on TMG EE - 5.Feb.2010 5:50:26 AM   
Flo79

 

Posts: 10
Joined: 16.Nov.2004
From: Austria
Status: offline
Hi,

anyone got a real solution for this problem?

I opened a case on this topic at microsoft support 3 weeks ago, and they still have no clue where the problem is...

(in reply to robbosch)
Post #: 12
RE: S2S with NLB Integration on TMG EE - 5.Feb.2010 8:57:57 AM   
robbosch

 

Posts: 75
Joined: 21.Sep.2004
From: Denver, CO
Status: offline
We temporarily gave up on using NLB with S2S VPN. I never did find a resolution. I also posted the issue to the TMG forums and never got a response.

Rob

(in reply to Flo79)
Post #: 13
RE: S2S with NLB Integration on TMG EE - 1.Mar.2010 5:22:22 AM   
Tobin

 

Posts: 14
Joined: 2.Apr.2007
Status: offline
Also having the same issue - Please post back here if you get a response from Microsoft

(in reply to Flo79)
Post #: 14
RE: S2S with NLB Integration on TMG EE - 4.Mar.2010 5:11:18 AM   
Flo79

 

Posts: 10
Joined: 16.Nov.2004
From: Austria
Status: offline
After nearly 2 months I just got info from MS: it seems to be some kind of timing issue. they are currently working on a private fix, the final fix should be available in some weeks...

(in reply to Tobin)
Post #: 15
RE: S2S with NLB Integration on TMG EE - 6.Mar.2010 4:17:40 PM   
smclean

 

Posts: 3
Joined: 4.Feb.2010
Status: offline
quote:

ORIGINAL: Flo79

After nearly 2 months I just got info from MS: it seems to be some kind of timing issue. they are currently working on a private fix, the final fix should be available in some weeks...



When they say private fix does that mean we will have to burn a support case to get the fix or will it be released as a normal windows update?

(in reply to Flo79)
Post #: 16
RE: S2S with NLB Integration on TMG EE - 26.Mar.2010 9:41:47 AM   
aavdberg

 

Posts: 35
Joined: 30.Jul.2004
From: The Netherlands
Status: offline
We have same problem also running TMG 2010 EE with NLB on External en Internal and DMZ and RRAS is on both array members disabled.

_____________________________

Greeting from
André van den Berg.

(in reply to smclean)
Post #: 17
RE: S2S with NLB Integration on TMG EE - 29.Mar.2010 6:13:55 PM   
Tobin

 

Posts: 14
Joined: 2.Apr.2007
Status: offline
quote:

ORIGINAL: Flo79

After nearly 2 months I just got info from MS: it seems to be some kind of timing issue. they are currently working on a private fix, the final fix should be available in some weeks...


Update for all - Appears to be some sort of WMI subscription issue apparently - Hotfix is due out in a couple of weeks. I'll be notified when it's available (we have a support case logged) and will update here.

(in reply to Flo79)
Post #: 18
RE: S2S with NLB Integration on TMG EE - 31.Mar.2010 10:30:21 AM   
rino01

 

Posts: 69
Joined: 1.Jul.2005
From: Stockholm / Sweden
Status: offline
Nice, since I have the same issue as well. I have seen the same problem for other users as well in other forums so my guess this patch will be higly apriciated.

_____________________________

Best Regards

//Rickard

(in reply to Tobin)
Post #: 19
RE: S2S with NLB Integration on TMG EE - 13.Apr.2010 12:09:08 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
So, in no circumstances does it work when you enable NLB through the TMG console?

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to rino01)
Post #: 20

Page:   [1] 2   next >   >> << Older Topic    Newer Topic >>
All Forums >> [Threat Management Gateway (TMG) 2010] >> General >> S2S with NLB Integration on TMG EE Page: [1] 2   next >   >>
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts