I'm having a problem with a site-to-site VPN on a TMG 2010 SP1 server. The connection starts out with no problems but every few days it disconnects and I have to restart the firewall service and the RRAS service on both members of the array in order to resume the VPN connection.
Nothing appears in the traffic logs which aids troubleshooting for me, just initiated and closed connections from the local end stating that no SYN ACK response was received.
I've been through the steps laid out in the MS technet article relating to the VPN not using the NLB address and using the local server's gateway, but when I've used netmon to inspect the traffic this symptom doesn't apply to me so I haven't applied that patch.
When the link is down I see an alert in TMG as below:
Description: The Firewall service cannot remove the IPsec configuration for NETWORK NAME network.
The failure is due to error: The parameter is incorrect.
The same site-to-site link worked just fine using ISA 2006.
Can anybody help please?