Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1347
Views
0
Helpful
0
Replies

VPN between ASA and Microsoft TMG

JAMES WEST
Level 1
Level 1

‎11-28-2011 01:02 PM

Hi All,

I have a bit of a strange one that l can't seem to figure out.

I have the following set-up -

Management Station Orion > LAN > Inside ASA > LAN > Internet Router > Cloud > ISP Router > Threat Management Gateway > Customers LAN ABC

The text in Red is managed by my company and is in our Data Centre. The Cisco ASA's outside interface is natted from a Public IP that peers to the remote site to site VPN with the Microsoft TMG. The text in Blue is managed by the ISP, and the text in Green is company ABC that has just been installed.

The VPN tunnel comes up on the Cisco ASA in the Data Centre and establishes Phase 1 & 2 with the remote peer, but no packets are decrypted on the return path from the Threat Management Gateway. See doc ABC ASA config.rtf

Management subnet (192.151.138.0) - Remote Peer (194.x.x.65) - Subnet being monitored (172.29.34.x)

We can see the tunnel establishing, the traffic coming in from the TMG and being returned again back to the Orion Management station 192.161.128.x (Orion) to 172.29.34.x (Loopback for SNMP). See attached Packet Capture

Any pointers on ASA to TMG debugging, trace files on the TMG etc would be greatly appreciated.

Regards,

James

Labels:
Preview file
28 KB
117932-Sniff on inside of TMG.pcap.zip
117937-ASA to TMG VPN.vsd.zip
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents