Solved: RVS4000 to Forefront TMG IPSec VPN

IanCurrie · ‎01-09-2012

Hello,

We configured a site-to-site VPN using a Cisco RVS4000 at one end and TMG at the other. When we initiate (PING) communication from a client on the TMG LAN, the link is UP and traffic flows both ways. However, if we start the communication from the Cisco LAN, the PINGs time-out and the link stays DOWN. Cisco's VPN log file is enclosed.

We verified that the IPSec settings at each end match and also tried updating the firmware to 2.0.2.7. Each side of thje tunnel uses a public IP address with no NAT devices in between.

Any ideas or suggestions appreciated.

Ian

bud · ‎01-13-2012

I have the same exact issue

anybody have a fix

View solution in original post

bud · ‎01-13-2012

I have the same exact issue

anybody have a fix

IanCurrie · ‎01-24-2012

Can anyone help with this? TMG to TMG works fine. Problem initiating IPSEC site-to-site from Cisco router to TMG...

Thanks,

Ian

IanCurrie · ‎01-25-2012

Here's a section of the router's log: Jan 6 22:44:36 - [VPN Log]: "HO_VPN" #1: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_NAT-D) at the outermost level Jan 6 22:44:36 - [VPN Log]: "HO_VPN" #1: sending notification INVALID_PAYLOAD_TYPE to PUBLIC_IP.145.18:500 Jan 6 22:44:56 - [VPN Log]: "HO_VPN" #1: message ignored because it contains an unknown or unexpected payload type (ISAKMP_NEXT_NAT-D) at the outermost level Jan 6 22:44:56 - [VPN Log]: "HO_VPN" #1: sending notification INVALID_PAYLOAD_TYPE to PUBLIC_IP.145.18:500 Any ideas most welcome, Ian