Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

FIX: PPTP connections through Forefront Threat Management Gateway 2010 may be unsuccessful


View products that this article applies to.

Symptoms

Consider the following scenarios.

Scenario 1
  • A server that is running Microsoft Forefront Threat Management Gateway 2010 is configured for a VPN site-to-site connection and uses IPsec Tunnel mode.
  • The Forefront TMG 2010 server is also configured to use network address translation (NAT) between two networks such as an internal network and an external network.
  • Clients on the internal network try to access a Point-to-Point Tunneling Protocol (PPTP) virtual private network (VPN) server on the external network.
Scenario 2
  • A server that is running Microsoft Forefront Threat Management Gateway (TMG) 2010 is configured for a VPN site-to-site connection and uses IPsec Tunnel mode.
  • The Forefront TMG 2010 server is also configured to publish a Point-to-Point Tunneling Protocol (PPTP) virtual private network (VPN) server.
  • Clients try to access the PPTP VPN server through the Forefront TMG 2010 server.

In these scenarios, the establishment of the client's PPTP connection may be unsuccessful because Forefront TMG 2010 drops the PPTP server's Generic Routing Encapsulation (GRE) packets.

↑ Back to the top


Cause

The issue occurs because of incorrect handling of GRE packets in NAT mode when an IPSec-based site-to-site VPN is configured in Forefront TMG.

↑ Back to the top


Resolution

To resolve this problem, install the hotfix package that is described in the following article in the Microsoft Knowledge Base:
2735208 Rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


References

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

↑ Back to the top


Keywords: kbqfe, kbfix, kbnotautohotfix, kbexpertiseinter, kbbug, kbsurveynew, kb

↑ Back to the top

Article Info
Article ID : 2780562
Revision : 1
Created on : 1/7/2017
Published on : 1/21/2013
Exists online : False
Views : 413