Hi, I have established a Site-to-Site IPsec tunnel between our TMG 2010 and our VPN at Amazon datacenters (where a couple of VMs were installed). The connection works fine while traffic from our side is being generated. However, when no traffic is being detected, technicians at the Amazon side claim that the tunnel goes down. TMG is not reporting any loss of connection for the tunnel (at least I cannot see any alert logged). A simple ping to any of the VMs at Amazon allows the tunnel to work again (technicians at the Amazon side can see that).
Our TMG has SP2 with Update Rollup 3 running on Windows Server 2008 R2 with SP2 and the latest Windows updates. Any ideas would be much appreciated.
The tunnel is configured as below from our side:
Local Tunnel Endpoint: <<deleted for security>>
Remote Tunnel Endpoint: <<deleted for security>>
To allow HTTP proxy or NAT traffic to the remote site, the remote site configuration must contain the local site tunnel end-point IP address.
IKE Phase I Parameters:
Mode: Main mode
Encryption: AES128
Integrity: SHA1
Diffie-Hellman group: Group 2 (1024 bit)
Authentication Method: Pre-shared secret <<deleted for security>>
Security Association Lifetime: 28800 seconds
IKE Phase II Parameters:
Mode: ESP tunnel mode
Encryption: AES128
Integrity: SHA1
Perfect Forward Secrecy: ON
Diffie-Hellman group: Group 2 (1024 bit)
Time Rekeying: ON
Security Association Lifetime: 3600 seconds
Kbyte Rekeying: ON
Rekey After Sending: 100000 Kbytes
Remote Network 'AWS VPN Tunel 1' IP Subnets:
Subnet: 10.0.0.0/255.255.0.0
Subnet: <<deleted for security>>/255.255.255.255
Local Network 'Internal' IP Subnets:
Subnet: 192.168.0.0/255.255.248.0
Routable Local IP Addresses:
Subnet: 192.168.0.0/255.255.248.0
Xavier Villafuerte - http://preempalverec.blogspot.com
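Since the post reports that a single ping to an Amazon VM brings the tunnel back, one practical workaround while the root cause is investigated is a scheduled keepalive that also records when the far side stops answering. The script below is an added example, not from the original post or from TMG; it assumes PowerShell 2.0 or later on the TMG host, a placeholder VM address inside the remote 10.0.0.0/16 network, and a writable log path.

```powershell
# Added example: keep the AWS tunnel populated with a trickle of ICMP and log
# every UP/DOWN transition so idle drops can be timed against the SA lifetimes.
# Assumptions: PowerShell 2.0+ on the TMG server; $RemoteHost is a placeholder
# address for one of the Amazon VMs in 10.0.0.0/16; $LogFile is writable.
param(
    [string]$RemoteHost      = "10.0.1.10",   # placeholder, replace with a real VM
    [int]$IntervalSeconds    = 30,            # well below the 3600 s Phase II lifetime
    [string]$LogFile         = "C:\Logs\aws-tunnel-keepalive.log"
)

$wasUp = $null   # unknown until the first probe, so the first state is always logged
while ($true) {
    # One echo request per interval is enough to count as "traffic" on the tunnel.
    $isUp  = Test-Connection -ComputerName $RemoteHost -Count 1 -Quiet
    $stamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    if ($wasUp -ne $isUp) {
        $state = if ($isUp) { "UP" } else { "DOWN" }
        Add-Content -Path $LogFile -Value "$stamp tunnel to $RemoteHost is $state"
        $wasUp = $isUp
    }
    Start-Sleep -Seconds $IntervalSeconds
}

# To run it unattended from boot (run once as an administrator; path is a placeholder):
#   schtasks /create /sc onstart /ru SYSTEM /tn "AwsTunnelKeepalive" `
#     /tr "powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\aws-tunnel-keepalive.ps1"
```

The timestamps of DOWN entries can be compared with the last real traffic and with the Phase II rekey interval to see whether the drop follows an idle period or a rekey.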