03-20-2012 01:51 PM
Currently I have a scenario where I have set up an RV042, which is connected to Microsoft Forefront 2010. PPTP works fine only on the RV042 subnet, but I am not able to access the "internal" network of TMG.
RV042 (172.16.1.1) ---> TMG [external] (172.16.1.2) ---> TMG [internal] (192.168.1.1)
Is there any way to access the TMG internal network through the RV042 PPTP server using a static route?
03-21-2012 11:50 AM
Try adding a static route inside the RV042 to point to TMG. Also, you might need to make a firewall exception inside the TMG. Note that I haven't tested this, but with a PPTP connection you send all traffic to the remote host. So in theory it should work.
Jasbryan
03-21-2012 12:39 PM
Thanks jasbryan, one of my very good friends suggested the same, but I didn't give it a try. I haven't ever used TMG, but I'll give it a try. Do you have any idea what kind of rules I need to create in TMG, without changing any option like (gateway or router mode)?
What IP address should I enter in Destination, is it 192.168.1.1, and what should the gateway be then?
03-25-2012 09:26 AM
Well, after waiting so long for experts' views, I took help from one of my seniors, where I had to make changes in NETWORK RULES of TMG by creating Internal to External & External to Internal rules for 5 PPTP IP addresses, and it started working. This is how it helped.
Common troubleshooting steps:
1. Check whether the IP address of TMG responds to ping from the RV042 firmware.
2. If it does not respond, then create a policy to allow PING into the internal network.
3. Do the STATIC ROUTING in the RV042 by keeping the IP address as the TMG internal IP and the gateway as the TMG WAN static IP.
4. Ping to confirm that you have access through the router to TMG, using the PING utility of the RV042.
5. Once you are able to PING, enable PPTP, connect from the remote side, and PING the WAN static IP of TMG and any of the INTERNAL IPs of the TMG network.
6. If you are not able to ping the TMG internal network by just STATIC ROUTING from the RV042,
7. then you need to create two rules under NETWORK RULES of FOREFRONT (check this option in the FOREFRONT management window). First you need to create a range of PPTP IP addresses in the SUBNET category of TMG and use this range of IP addresses in the rules we are going to create.
8. Create SOURCE (PPTP IP ADDRESS RANGE) to INTERNAL and INTERNAL to (PPTP IP ADDRESS RANGE).
9. That's it, I am sure you will be able to ping it from the remote side and also access the resources of the TMG network.
If anyone has any doubts, please post them here. I'll be really glad to help. Thank you.
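The steps above, modelled as an added example that is not part of the original posts: a small path check showing which missing piece (the RV042 static route, or one of the two TMG network rules) stops a PPTP client from reaching the internal network. The /24 mask, the PPTP pool 172.16.1.200-204, the host 192.168.1.10 and the `wan-gateway` placeholder are assumptions; only 172.16.1.2 and 192.168.1.1 come from the thread.

```python
import ipaddress

TMG_EXTERNAL = "172.16.1.2"                    # from the thread
INTERNAL = ("192.168.1.0", "192.168.1.255")    # assumed /24 around 192.168.1.1
PPTP = ("172.16.1.200", "172.16.1.204")        # constructed pool of 5 addresses
# RV042 routes before the fix; "wan-gateway" is a placeholder for the ISP side
RV042_BASE = [("172.16.1.0/24", "direct"), ("0.0.0.0/0", "wan-gateway")]
STATIC = ("192.168.1.0/24", TMG_EXTERNAL)      # step 3, with the assumed mask

def next_hop(routes, dst):
    """Longest-prefix match over (prefix, gateway) pairs; None if no route."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw) for p, gw in routes
               if dst in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def in_range(ip, rng):
    """True if ip lies inside the inclusive (first, last) address range."""
    lo, hi = (ipaddress.ip_address(x) for x in rng)
    return lo <= ipaddress.ip_address(ip) <= hi

def rule_allows(rules, src, dst):
    """True if some (source range, destination range) rule covers the pair."""
    return any(in_range(src, a) and in_range(dst, b) for a, b in rules)

def reachable(rv042_routes, tmg_rules, client, host):
    """Simplified model: the RV042 must forward to TMG's external address,
    and TMG needs a rule for each direction (step 8)."""
    if next_hop(rv042_routes, host) != TMG_EXTERNAL:
        return "no route on RV042"
    if not rule_allows(tmg_rules, client, host):
        return "blocked: no PPTP->Internal rule"
    if not rule_allows(tmg_rules, host, client):
        return "blocked: no Internal->PPTP rule"
    return "ok"

if __name__ == "__main__":
    both = [(PPTP, INTERNAL), (INTERNAL, PPTP)]
    print(reachable(RV042_BASE, both, "172.16.1.200", "192.168.1.10"))
    print(reachable(RV042_BASE + [STATIC], both, "172.16.1.200", "192.168.1.10"))
```

Scoping the rules to the PPTP range rather than the whole 172.16.1.0/24 subnet keeps other hosts on the RV042 side out of the internal network; the model returns a block for any source address outside that range.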