Cisco Support Community
Community Member

VPN between ASA and Microsoft TMG

Hi All,

I have a bit of a strange one that I can't seem to figure out.

I have the following set-up -

Management Station Orion > LAN > Inside ASA > LAN > Internet Router > Cloud > ISP Router > Threat Management Gateway > Customers LAN ABC

The text in red is managed by my company and is in our Data Centre. The Cisco ASA's outside interface is NATed from a public IP that peers to the remote site-to-site VPN with the Microsoft TMG. The text in blue is managed by the ISP, and the text in green is company ABC, which has just been installed.

The VPN tunnel comes up on the Cisco ASA in the Data Centre and establishes Phase 1 & 2 with the remote peer, but no packets are decrypted on the return path from the Threat Management Gateway. See doc ABC ASA config.rtf

Management subnet ( - Remote Peer (194.x.x.65) - Subnet being monitored (172.29.34.x)

We can see the tunnel establishing, the traffic coming in from the TMG and being returned to the Orion Management station, 192.161.128.x (Orion) to 172.29.34.x (loopback for SNMP). See the attached packet capture.

Any pointers on ASA to TMG debugging, trace files on the TMG, etc. would be greatly appreciated.
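One check that matches the symptom described in this post (Phase 1 and 2 up, packets encrypted toward the TMG but nothing decrypted on the return path) is to read the per-SA counters from the ASA's `show crypto ipsec sa` output and flag any SA whose encaps counter grows while decaps stays at zero. The script below is an added example, not the poster's configuration or capture; the sample output is constructed in the usual ASA counter layout, and the peer, local subnet and crypto map names in it are placeholders.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample of "show crypto ipsec sa" output (not from the original post).
# Peer 198.51.100.65, local net 192.0.2.0/24 and the map name are placeholders;
# 172.29.34.0/24 is the monitored subnet the poster names.
SAMPLE_SA_OUTPUT = """\
    Crypto map tag: outside_map, seq num: 10, local addr: 203.0.113.10

      local ident (addr/mask/prot/port): (192.0.2.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (172.29.34.0/255.255.255.0/0/0)
      current_peer: 198.51.100.65

      #pkts encaps: 1432, #pkts encrypt: 1432, #pkts digest: 1432
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
      #send errors: 0, #recv errors: 0
"""

PEER_RE = re.compile(r"current_peer:\s*(\S+)")
LOCAL_RE = re.compile(r"local ident.*?:\s*\(([^)]+)\)")
REMOTE_RE = re.compile(r"remote ident.*?:\s*\(([^)]+)\)")
ENCAPS_RE = re.compile(r"#pkts encaps:\s*(\d+)")
DECAPS_RE = re.compile(r"#pkts decaps:\s*(\d+)")
RECV_ERR_RE = re.compile(r"#recv errors:\s*(\d+)")


@dataclass
class SaCounters:
    peer: str
    local_ident: str
    remote_ident: str
    encaps: int      # packets we encapsulated toward the peer
    decaps: int      # packets we decapsulated from the peer
    recv_errors: int


def parse_ipsec_sa(text: str) -> List[SaCounters]:
    """Split output into one block per 'Crypto map tag' line and pull the counters."""
    blocks = re.split(r"(?m)^\s*Crypto map tag:", text)[1:]

    def grab(rx: re.Pattern, block: str, default: str = "?") -> str:
        m = rx.search(block)
        return m.group(1) if m else default

    return [
        SaCounters(
            peer=grab(PEER_RE, b),
            local_ident=grab(LOCAL_RE, b),
            remote_ident=grab(REMOTE_RE, b),
            encaps=int(grab(ENCAPS_RE, b, "0")),
            decaps=int(grab(DECAPS_RE, b, "0")),
            recv_errors=int(grab(RECV_ERR_RE, b, "0")),
        )
        for b in blocks
    ]


def diagnose(sa: SaCounters) -> str:
    """Classify an SA: 'idle', 'one-way' (we send, nothing returns), 'recv-errors' or 'healthy'."""
    if sa.encaps == 0 and sa.decaps == 0:
        return "idle"        # SA up, but no traffic matched the crypto ACL
    if sa.encaps > 0 and sa.decaps == 0:
        return "one-way"     # the symptom in this thread: check the TMG side / return route
    if sa.recv_errors > 0:
        return "recv-errors"
    return "healthy"
```

Run `diagnose()` over `parse_ipsec_sa()` twice a few seconds apart on a live box: an SA that is "one-way" on both samples, with encaps still rising, points at the TMG never sending ESP back (or sending it somewhere other than the NATed public IP), not at the ASA's decryption.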
