I recently added a site-to-site IPsec tunnel to a TMG server that was already publishing a 3rd party IPsec server located on the internal network. The site-to-site works fine but users are no longer able to connect to the pre-existing internal IPsec server. I suspect that TMG, now that it is an IPsec endpoint itself, has bound its own IPsec service to all IP addresses on the external interface.
Is there any way to specify a specific IP address for the Windows IPsec service to bind to, allowing the existing 3rd party IPsec server to take possession of the IPsec ports on a different IP address?
Or are there any other solutions?
Thanks,
Jim