08-29-2012 10:26 PM
I am trying to set up an IPsec site-to-site VPN between MS Forefront TMG 2010 and a Cisco SRP527W router.
I am running the latest firmware on the router.
I cannot get the two to connect; I have matched the settings on the SRP527W as closely as possible to those in Forefront.
I can't see any logs to indicate why this is not working, but I may need to turn on more logging in Forefront.
Does anyone have any ideas?
Below are the settings from Forefront TMG:
Local Tunnel Endpoint: External IP Router
Remote Tunnel Endpoint: External IP TMG
IKE Phase I Parameters:
Mode: Main mode
Encryption: 3DES
Integrity: SHA1
Diffie-Hellman group: Group 2 (1024 bit)
Authentication Method: Pre-shared secret (ThisIsAPreSharedKey2012)
Security Association Lifetime: 86400 seconds
IKE Phase II Parameters:
Mode: ESP tunnel mode
Encryption: 3DES
Integrity: SHA1
Perfect Forward Secrecy: OFF
Diffie-Hellman group: Group 2 (1024 bit)
Time Rekeying: ON
Security Association Lifetime: 28800 seconds
Kbyte Rekeying: ON
Rekey After Sending: 4608000 Kbytes
Site-to-Site Network IP Subnets:
Subnet: 10.10.10.0/255.255.255.0
08-30-2012 01:02 AM
Hi Wayne,
Can I assume from your TMG settings above that this is installed behind a NAT gateway? If so, ensure that you enable NAT-T on the SRP and configure the IKE policy "Remote ID" with the private address of the TMG.
Hope that helps,
Andy
08-30-2012 03:58 PM
Hi Andy,
The TMG is public facing, but it is on a cloud-based server.
Supposedly the firewall in front of it is not blocking any ports, at least that is what they tell us.
I did try what you suggested anyway, but no luck.
Wayne
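Added example, not from either poster: a small checker that models the two peers in this thread (the TMG values as listed in the first post, the SRP527W side as a constructed configuration with placeholder addresses) and reports the IKEv1 parameters that must mirror or match for phase 1 and phase 2 to complete, plus the NAT-T point Andy raised. The SRP side deliberately has PFS switched on to show how one parameter is enough to stall phase 2.

```python
import copy

# Constructed peer descriptions (not a real device dump). The TMG values are the
# ones listed in the post; the SRP527W side is a hypothetical configuration with
# PFS switched on, to show how a single parameter stops phase 2 from completing.
TMG = {
    "endpoint": "203.0.113.10",          # placeholder: TMG public address
    "peer": "198.51.100.20",             # placeholder: SRP527W public address
    "local_net": "10.10.10.0/24",
    "remote_net": "192.168.50.0/24",     # placeholder: LAN behind the SRP527W
    "behind_nat": False, "nat_t": False,
    "p1": {"mode": "main", "enc": "3des", "hash": "sha1", "dh": 2,
           "auth": "psk", "life": 86400},
    "p2": {"proto": "esp", "mode": "tunnel", "enc": "3des", "hash": "sha1",
           "pfs": None, "life": 28800},
}
SRP = copy.deepcopy(TMG)
SRP.update(endpoint=TMG["peer"], peer=TMG["endpoint"],
           local_net=TMG["remote_net"], remote_net=TMG["local_net"])
SRP["p2"]["pfs"] = 2                     # constructed mismatch: PFS group 2 on the SRP only

P1_MUST_MATCH = ("mode", "enc", "hash", "dh", "auth")
P2_MUST_MATCH = ("proto", "mode", "enc", "hash", "pfs")

def mismatches(a, b):
    """Return the reasons an IKEv1 negotiation between a and b would fail or
    deserves a look. An empty list means the two proposals are compatible."""
    out = []
    if a["endpoint"] != b["peer"] or a["peer"] != b["endpoint"]:
        out.append("endpoints: each side's local endpoint must be the other's remote endpoint")
    if a["local_net"] != b["remote_net"] or a["remote_net"] != b["local_net"]:
        out.append("subnets: protected networks are not mirrored, phase 2 selectors will not match")
    for k in P1_MUST_MATCH:
        if a["p1"][k] != b["p1"][k]:
            out.append(f"phase1 {k}: {a['p1'][k]} vs {b['p1'][k]}")
    for k in P2_MUST_MATCH:
        if a["p2"][k] != b["p2"][k]:
            out.append(f"phase2 {k}: {a['p2'][k]} vs {b['p2'][k]}")
    for ph in ("p1", "p2"):
        if a[ph]["life"] != b[ph]["life"]:
            out.append(f"{ph} lifetime differs ({a[ph]['life']} vs {b[ph]['life']}); "
                       "usually tolerated, but worth aligning")
    if (a["behind_nat"] or b["behind_nat"]) and not (a["nat_t"] and b["nat_t"]):
        out.append("nat: a peer is behind NAT but NAT-T is not enabled on both sides")
    return out

if __name__ == "__main__":
    for line in mismatches(TMG, SRP):
        print(line)
```

Run as-is it reports only the PFS mismatch; flip `behind_nat` on the TMG side without `nat_t` on both peers and the NAT-T warning appears as well.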