Article ID: 2780562 - View products that this article applies to.
Expand all | Collapse all

Symptoms

Consider the following scenarios.

Scenario 1
  • A server that is running Microsoft Forefront Threat Management Gateway 2010 is configured for a VPN site-to-site connection and uses IPsec Tunnel mode.
  • The Forefront TMG 2010 server is also configured to use network address translation (NAT) between two networks such as an internal network and an external network.
  • Clients on the internal network try to access a Point-to-Point Tunneling Protocol (PPTP) virtual private network (VPN) server on the external network.
Scenario 2
  • A server that is running Microsoft Forefront Threat Management Gateway (TMG) 2010 is configured for a VPN site-to-site connection and uses IPsec Tunnel mode.
  • The Forefront TMG 2010 server is also configured to publish a Point-to-Point Tunneling Protocol (PPTP) virtual private network (VPN) server.
  • Clients try to access the PPTP VPN server through the Forefront TMG 2010 server.

In these scenarios, the establishment of the client's PPTP connection may be unsuccessful because Forefront TMG 2010 drops the PPTP server's Generic Routing Encapsulation (GRE) packets.

Cause

The issue occurs because of incorrect handling of GRE packets in NAT mode when an IPSec-based site-to-site VPN is configured in Forefront TMG.

Resolution

To resolve this problem, install the hotfix package that is described in the following article in the Microsoft Knowledge Base:
2735208 Rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 2780562 - Last Review: January 21, 2013 - Revision: 3.0
Applies to
  • Microsoft Forefront Threat Management Gateway 2010 Service Pack 2, when used with:
    • Microsoft Forefront Threat Management Gateway 2010 Enterprise
    • Microsoft Forefront Threat Management Gateway 2010 Standard
Keywords: 
kbqfe kbfix kbexpertiseinter kbbug kbsurveynew KB2780562

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com