We currently have two standalone TMG arrays that are connected with an IPsec VPN tunnel. We have an SCCM server located in 1 datacenter behind the array. In that DC, all servers, including the TMG servers, can connect to the SCCM server. In the other datacenter (DC), all servers are able to traverse the tunnel and communicate with the SCCM server.
The only issue is the TMG array at the other end of the tunnel. Neither of the servers can reach any of the servers behind the tunnel. When I look at the logging, it says the adapter is localhost, but the client IP is the public IP of the TMG server. The logging on the other side of the tunnel (DC with SCCM) shows no connection attempts. There are explicit firewall rules to allow the traffic from localhost to the network on the other side of the tunnel.
How do I configure the TMG array to use the IPsec tunnel when communicating with servers on the other side?