FIX: Client computers cannot access an L2TP server or an IPSec endpoint through a Threat Management Gateway 2010 server array that uses network load balancing

Article ID: 2592455

SYMPTOMS

Consider the following scenarios:

Scenario 1:

  • You have servers that are running Microsoft Forefront Threat Management Gateway 2010 (TMG) Service Pack 1 (SP1) with Integrated Network Load Balancing (NLB).
  • You have at least 2 network adapters, and you let Internet Protocol security (IPsec) and Layer 2 Tunneling Protocol (L2TP) traffic through the TMG array to a remote destination.
  • A route relationship is configured in TMG between networks where IPsec and L2TP/IPsec will be forwarded. 
  • Some internal client computers use IPsec or L2TP/IPsec to connect to a server on the other network. The other network can be an external or perimeter network.

Scenario 2:

  • You have servers that are running TMG SP1 with NLB.
  • You have at least 2 network adapters, and you enable IPsec or L2TP traffic through the TMG array to a remote destination.
  • A network address translation (NAT) relationship is configured in TMG between networks where IPsec and L2TP/IPsec will be forwarded.
  • Some internal client computers use IPsec or L2TP/IPsec to connect to a server on the other network. The other network can be an external or perimeter network.

In these scenarios, there is an NLB and TMG integration failure, and the client computers that use IPsec or L2TP/IPsec cannot connect to a server on the external or perimeter network.

RESOLUTION

To resolve this problem, install the service pack that is described in the following Microsoft Knowledge Base article:
2555840 Description of Service Pack 2 for Microsoft Forefront Threat Management Gateway 2010

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

REFERENCES

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 2592455 - Last Review: October 31, 2011 - Revision: 3.0
APPLIES TO
  • Microsoft Forefront Threat Management Gateway 2010 Enterprise
  • Microsoft Forefront Threat Management Gateway 2010 Service Pack 1
  • Microsoft Forefront Threat Management Gateway 2010 Standard
Keywords: kbfix kbbug kbexpertiseinter kbsurveynew KB2592455
