Symptoms
Consider the following scenarios:
Scenario 1:
- You have servers that are running Microsoft Forefront Threat Management Gateway 2010 (TMG) Service Pack 1 (SP1) with Integrated Network Load Balancing (NLB).
- You have at least 2 network adapters, and you let Internet Protocol security (IPsec) and Layer 2 Tunneling Protocol (L2TP) traffic through the TMG array to a remote destination.
- A route relationship is configured in TMG between networks where IPsec and L2TP/IPsec will be forwarded.
- Some internal client computers use IPsec or L2TP/IPsec to connect to a server on the other network. The other network can be an external or perimeter network.
Scenario 2:
- You have servers that are running TMG SP1 with NLB.
- You have at least 2 network adapters, and you enable IPsec or L2TP traffic through the TMG array to a remote destination.
- A network address translation (NAT) relationship is configured in TMG between networks where IPsec and L2TP/IPsec will be forwarded.
- Some internal client computers use IPsec or L2TP/IPsec to connect to a server on the other network. The other network can be an external or perimeter network.
In these scenarios, there is an NLB and TMG integration failure, and the client computers that use IPsec or L2TP/IPsec cannot connect to a server on the external or perimeter network.
Resolution
To resolve this problem, install the service pack that is described in the following Microsoft Knowledge Base article:
2555840 Description of Service Pack 2 for Microsoft Forefront Threat Management Gateway 2010
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
References
For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates