Dear community!
I would like to ask you if you could help me configure the TMG I have here.
The network topology:
               External
                  |
Site1 <- IPsec -> TMG <- IPsec -> Site2
                 / \
                /   \
         Internal    DMZ
Internal: 192.168.201.0/24
DMZ: 192.168.151.0/24
Site1: 192.168.21.0/24
Site2: 192.168.202.0/24
All networks have their network objects created.
The problem is: I can see and ping everything from the Internal network,
but Site1 and Site2 can only see the Internal network, not the DMZ and not each other.
Network rules:
#1: All protected networks ROUTE All protected networks
#2: All protected networks NAT External.
Question: Is this good enough, or should I define all the route rules one by one?
I am not 100% sure if the TMG is the weakest link in the chain, but I have absolutely no monitoring abilities over the branch office routers (FritzBoxes). So:
Question: Is there any way to monitor, or sniff into, the traffic the TMG sends or receives on one of the site-to-site connections?
Can I tap into and, for example, capture all the PINGs that were sent out or sent through the tunnel between TMG and Site1? This might be a really dumb question, but sorry, I have been struggling with this for over a month now.
Firewall rules:
#1: Tons of publishing rules.
#2: Allow all protocols from All protected networks to All protected networks. (Only until I find out what is wrong.)
#3: Standard Deny all from Everywhere
Question: Should there be a demand-dial connection in RRAS when you create a site-to-site connection?
Should the site-to-site VPN appear in the routing table?
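As an added example (not part of the original post, and not TMG's own tooling), the following PowerShell script does the two checks the question asks about from the TMG host itself: it pings a test host in each of the four networks listed above to show which pairs the network rule actually routes, and it wraps those pings in a built-in netsh packet capture restricted to the Site1 test host, so the ICMP packets that really went into or came out of the Site1 tunnel can be inspected afterwards. The test host addresses and the trace file path are assumed placeholders; the subnets are the ones from the post.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell on the TMG host
# (Windows Server 2008 R2, PowerShell 2.0 is enough). Subnets come from the post; the host
# addresses and the trace path are ASSUMED placeholders and must be replaced with real hosts.
$targets = @{
    'Internal' = '192.168.201.10'   # assumed test host in Internal
    'DMZ'      = '192.168.151.10'   # assumed test host in DMZ
    'Site1'    = '192.168.21.10'    # assumed test host behind the Site1 tunnel
    'Site2'    = '192.168.202.10'   # assumed test host behind the Site2 tunnel
}
$traceFile = 'C:\Temp\s2s-icmp.etl'  # assumed output path (folder must exist)

# Start a packet capture on the TMG itself, limited to traffic to/from the Site1 test host.
# "netsh trace" ships with Windows Server 2008 R2; the resulting .etl opens in
# Network Monitor 3.4, where an "ICMP" display filter shows only the pings.
netsh trace start capture=yes tracefile=$traceFile "IPv4.Address=$($targets['Site1'])"

# Ping every network from the TMG and record which ones answer. A failure here is a
# routing / network-rule problem on the TMG side, independent of the firewall policy.
$results = foreach ($name in $targets.Keys) {
    $reachable = Test-Connection -ComputerName $targets[$name] -Count 2 -Quiet
    New-Object PSObject -Property @{
        Network   = $name
        Target    = $targets[$name]
        Reachable = $reachable
    }
}
$results | Format-Table Network, Target, Reachable -AutoSize

netsh trace stop

# Reading the capture: echo requests to Site1 with no replies mean the packets left the
# TMG and were dropped beyond it (branch router or tunnel); no requests at all means the
# TMG never forwarded them, so check the network rule and "route print" for the Site1 subnet.
route print | Select-String '192.168.21.'
```

The capture only answers "did the TMG put the packet on the wire"; to see whether the Site1 and Site2 hosts answered each other across the TMG, run the same ping matrix from a host inside Site1 with the trace still running on the TMG, then compare what arrived with what the TMG forwarded towards Site2.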