
Welcome to ISAserver.org


Web Proxy over a VPN Tunnel

Web Proxy over a VPN Tunnel - 27.Jul.2012 7:54:15 AM   
billvor

 

Posts: 16
Joined: 1.Apr.2008
Status: offline
I have run into a curious issue on our site to site VPN tunnels. I have a central TMG 2010 server with remote Cisco ASA 5505 router/firewalls. All traffic passes just great between the sites. The only problem I have is that I can't use the web proxy service through these tunnels.

From a remote site, I point the web browser proxy settings to the internal interface of my TMG 2010. I cannot ping that interface (even though it's enabled), and the browser acts as though no traffic is making it across the tunnel. But, if I try to telnet to that interface on port 8080, I get the same response I receive while on the same network as that interface. This leads me to believe something is crossing. I have checked the logging in TMG 2010 and I don't see anything in the logs.

It crossed my mind that Microsoft didn't support this on TMG 2010 because their solution would probably be to just deploy TMG servers at the remote sites. But if I go to Firewall Policy, then go to Tasks and click on Configure Client Access, I see where I can tweak web proxy and firewall client settings for VPN tunnels the same as I can for the internal network. This setting is new to me (I migrated from ISA 2004 to TMG 2010) and would seem to indicate this is supported. Of course I can't find much documentation on it.

I can provide more information on specifics of my config if needed. This issue exists across about 8 VPN tunnels that were all configured using the VPN site to site wizard, including the route and the access rules.
Post #: 1
RE: Web Proxy over a VPN Tunnel - 31.Jul.2012 11:37:37 AM   
billvor

 

Posts: 16
Joined: 1.Apr.2008
Status: offline
I finally figured it out. After several days of research into the issue, I found in some ISA 2004 site-to-site VPN documentation that this is supported. To fix my problem on TMG 2010, I needed to have TMG SP1 Rollup 3 applied and then run the following command:

netsh tmg set global name=DontDropIPSECDetunneledTrafficToLocalhost value=1 persistent

It instantly fixed the issue.

This command reverses the change.

netsh tmg set global name=DontDropIPSECDetunneledTrafficToLocalhost value=0 persistent

(in reply to billvor)
Post #: 2
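
A layered probe for the symptom described in this thread (a TCP session to port 8080 opens across the tunnel, but the browser gets nothing back), added here as an example and not part of the original posts. The function name `probe_proxy`, the target URL and the 192.0.2.10 placeholder address are assumptions; run it from a remote-site client before and after the change to see which layer fails.

```python
import socket

def probe_proxy(host, port=8080, target="http://example.com/", timeout=5.0):
    """Classify how far a proxy request gets: TCP connect, then an HTTP reply.

    Returns one of:
      ("tcp_failed", detail)     - no TCP session (routing, ACL or listener)
      ("no_http_reply", detail)  - handshake completed, request went unanswered
      ("proxy_replied", status)  - the proxy returned an HTTP status line
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_failed", str(exc))
    with sock:
        # Absolute-URI request line, as a browser sends to an explicit proxy.
        request = (
            f"GET {target} HTTP/1.1\r\n"
            f"Host: {target.split('/')[2]}\r\n"
            "Proxy-Connection: close\r\n\r\n"
        )
        try:
            sock.sendall(request.encode("ascii"))
            data = b""
            while b"\r\n" not in data:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                data += chunk
        except socket.timeout:
            return ("no_http_reply", "timed out waiting for a status line")
        except OSError as exc:
            return ("no_http_reply", str(exc))
    status_line = data.split(b"\r\n", 1)[0].decode("latin-1")
    if not status_line.startswith("HTTP/"):
        return ("no_http_reply", "connection closed without an HTTP status line")
    return ("proxy_replied", status_line)

if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder for the TMG internal interface.
    print(probe_proxy("192.0.2.10", 8080))
```

A `no_http_reply` result alongside an empty TMG log matches the behaviour reported in the first post, while any `proxy_replied` status line (including a 407 or 403) shows the request reached the web proxy listener.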
