Channel: Forefront TMG and ISA Server forum

Site to Site VPN will only Initiate one way.


I have a TMG 2010 SP1 machine with 3 network cards.  One is our external IP, one for the internal network, and one is for a B2B network.  I have set up a Site to Site VPN to another business for routing between us.  The problem is I cannot initiate the VPN tunnel; when I try, I see the initial IKE Protocol initiate but it never completes, and after 61 seconds I get the connection closed message.  However, if they initiate the connection, the tunnel connects and both they and I can send information back and forth.

How is this possible?  Could I have some routing incorrect?  I used the wizard for my connection and afterward changed my IPSec settings to match them.  Since they can initiate the connection and it stays up, I know that the settings are all correct.  But if we kill the connection on both ends and I try to initiate, then we get nothing.  My routing rule is "Route" from "VPN Network" to "Hosted Network".  I have a firewall policy set to allow the ports I need from "VPN Network" and "Hosted Network" to "VPN Network" and "Hosted Network".  Again, since they can initiate the connection and everything works, I would think it's either something on my end or they are blocking me from establishing the connection.  And although I feel it might be the latter, they have site to site VPNs connected to multiple other vendors that do work, so it's hard for me to argue.

Here is a basic layout.  If the client's PC attempts to hit our hosted solution PC, then the VPN connection gets established and they can browse our web server.  Also, our web server goes back through the tunnel and polls some of their network equipment, and this works.  But if we attempt to pull info from their equipment from our end first, it doesn't work (and should):

Any ideas?

 

