TMG 2010: Site to site clients cannot access TMG server

When I upgraded from ISA 2006 to TMG 2010 I found a special problem. There was an HQ with TMG 2010 and one branch with an ASA 5505. A site-to-site VPN tunnel was created between those two locations. Everything worked fine, besides one problem. Users in the branch couldn’t access anything on the TMG server. They couldn’t ping it or do anything with it. They couldn’t browse the Internet, because TMG was also the web proxy server for them.

There was no sign of anything not working. ASA logging was OK. Packets from branch clients were sent to the tunnel, but there were no packets seen in the TMG logging. After a couple of minutes I found this article.

According to the mentioned KB, there is an internal security setting which makes TMG reject all packets from clients coming from a site-to-site VPN. I don’t see the idea behind this solution, but I think most people would disable this security feature.
