- You configure a Microsoft Forefront Threat Management Gateway (TMG) 2010 server as an IPsec site-to-site tunnel endpoint.
- You establish the IPsec tunnel, and then clients access resources on both sides of the VPN tunnel.
- You try to access the internal IP address of the Forefront TMG 2010 server by using a client on the remote network of the endpoint.
- Install the software update that is described in the following Microsoft Knowledge Base (KB) article:2498770 Software Update 1 Rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 1
- Make sure that the packets are not dropped by running the following command at a command prompt on each Forefront TMG server:netsh tmg set global name=DontDropIPSECDetunneledTrafficToLocalhost value=1 persistentNote To revert to the default settings, run the following command:netsh tmg set global name=DontDropIPSECDetunneledTrafficToLocalhost value=0 persistent
Article ID: 2502685 - Last Review: Feb 25, 2011 - Revision: 1