Month: September 2012

TMG 2010 Site 2 Site IPSEC Tunnel and HTTP Traffic Fails to flow

I have come across this several times now, so I thought it warranted a post. In an environment where a site-to-site IPsec tunnel is established between a TMG 2010 server and a Cisco ASA, other traffic crosses the tunnel but websites hosted on the far side cannot be displayed, and the browser gets the following TMG error page:

Technical Information (for support personnel)
Error Code 10060: Connection timeout
Background: The gateway could not receive a timely response from the website you are trying to access. This might indicate that the network is congested, or that the website is experiencing technical difficulties. 

Viewing the outgoing connection attempt in the TMG log then shows the following entry:

Failed Connection Attempt
Log type: Web Proxy (Forward)
Status: 10060 A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Rule: Allow access between Site A and Site B

The quickest fix is to edit the built-in HTTP protocol definition and remove the Web Proxy Filter from its application filters, so that TMG passes HTTP to the remote site as ordinary firewall traffic instead of proxying it. The likely cause, although the log does not prove it, is that the Web Proxy Filter terminates the client's connection and opens a new one from TMG's own address, which does not match the tunnel's network definitions.

That disables the filter for all HTTP traffic, and with it the HTTP inspection and web filtering features that depend on it. The better option is to create a custom protocol for outbound TCP port 80 that is not associated with the Web Proxy Filter, then create an access rule between the two site networks that uses this custom protocol. Two things to check: the new rule must sit above any rule that allows the built-in HTTP protocol to the same destinations, because TMG applies the first matching rule; and clients configured to use TMG as an explicit web proxy will still send these requests to the web proxy listener, so add the remote site's addresses to their proxy bypass list.
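To confirm you are looking at this symptom rather than a generic timeout, it helps to check whether HTTP to the remote site is being handled by the Web Proxy Filter while other traffic to the same site gets through. The following Python script is an added example and not part of the original post: it reads a TMG log export in W3C extended format and reports web-proxy timeouts (code 10060) to the remote site's subnet. The sample log is constructed, and the field names (client-ip, destination-ip, rule, log-type, result-code) are assumptions modelled on the log viewer columns quoted above; the parser reads the export's own `#Fields:` header, so it adapts to whatever names and order the real export uses, as long as the fields carrying the destination address, log type, rule and result code are mapped to those names.

```python
import ipaddress
from collections import Counter

# Constructed sample of a TMG log export in W3C extended format. The field
# names are assumptions modelled on the log viewer columns quoted in the
# post (Rule, Log type, Status); the real export may name and order them
# differently, which is why parse_w3c() reads the "#Fields:" header
# instead of hard-coding positions. Values are tab-separated because rule
# names and log types contain spaces. A firewall-log result of 0 is used
# here as the success convention for the constructed data.
SAMPLE_LOG = (
    "#Software: Microsoft Forefront TMG\n"
    "#Fields: client-ip destination-ip protocol rule log-type result-code\n"
    "10.1.1.25\t10.2.0.10\thttp\tAllow access between Site A and Site B\tWeb Proxy (Forward)\t10060\n"
    "10.1.1.25\t10.2.0.10\thttp\tAllow access between Site A and Site B\tWeb Proxy (Forward)\t10060\n"
    "10.1.1.30\t10.2.0.20\tRDP (Terminal Services)\tAllow access between Site A and Site B\tFirewall\t0\n"
    "10.1.1.25\t203.0.113.80\thttp\tInternet Access\tWeb Proxy (Forward)\t200\n"
)

WSAETIMEDOUT = "10060"  # Winsock connection timeout, as in the post's log entry


def parse_w3c(text):
    """Yield one dict per record, keyed by the names in the #Fields: header."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#") or fields is None:
            continue  # other directives, or data before any header
        values = line.split("\t")
        if len(values) != len(fields):
            continue  # truncated or mangled record; skip rather than misalign
        yield dict(zip(fields, values))


def _destination_in(rec, net):
    """True when the record's destination address falls inside net."""
    try:
        return ipaddress.ip_address(rec["destination-ip"]) in net
    except (KeyError, ValueError):
        return False


def tunnel_traffic_summary(text, remote_subnet):
    """Count records to the remote site by (log type, result code).

    HTTP handled by the Web Proxy Filter is logged under a "Web Proxy" log
    type; traffic TMG passes as plain firewall traffic is logged as "Firewall".
    """
    net = ipaddress.ip_network(remote_subnet)
    counts = Counter()
    for rec in parse_w3c(text):
        if _destination_in(rec, net):
            counts[(rec["log-type"], rec["result-code"])] += 1
    return counts


def web_proxy_timeouts_to(text, remote_subnet):
    """Return the web-proxy records to the remote site that failed with 10060."""
    net = ipaddress.ip_network(remote_subnet)
    return [
        rec for rec in parse_w3c(text)
        if _destination_in(rec, net)
        and rec["log-type"].startswith("Web Proxy")
        and rec["result-code"] == WSAETIMEDOUT
    ]


def looks_like_proxy_filter_problem(text, remote_subnet):
    """True when every web-proxy request to the site timed out while
    firewall-routed traffic to the same site succeeded: the symptom the
    post describes, and the case the custom HTTP protocol addresses."""
    summary = tunnel_traffic_summary(text, remote_subnet)
    proxy = {k: v for k, v in summary.items() if k[0].startswith("Web Proxy")}
    firewall_ok = any(k[0] == "Firewall" and k[1] == "0" for k in summary)
    return bool(proxy) and all(k[1] == WSAETIMEDOUT for k in proxy) and firewall_ok


if __name__ == "__main__":
    for rec in web_proxy_timeouts_to(SAMPLE_LOG, "10.2.0.0/24"):
        print(rec["client-ip"], "->", rec["destination-ip"], "|", rec["rule"])
    print("proxy filter symptom:", looks_like_proxy_filter_problem(SAMPLE_LOG, "10.2.0.0/24"))
```

Run it against a real export by replacing `SAMPLE_LOG` with the file contents and `10.2.0.0/24` with the remote site's address range. If `looks_like_proxy_filter_problem` reports True, every HTTP request to that range is going through the Web Proxy Filter and timing out while other tunnel traffic works, which is exactly the case the custom protocol rule fixes; if web-proxy requests to the same range sometimes succeed, look at the tunnel or the far-side web server first.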