So this one has been bugging me for a while, and then a client asked for it, so I had to get it sorted.
It seems that with some Cisco VPN connections I can connect but not send any traffic when the Cisco VPN client is behind a TMG server. Give the VPN client a direct connection and it's fine. After a bit of looking, I think I have it working:
1) On the VPN client, set AssumeUDPEncapsulationContextOnSendRule = 2 as per http://support.microsoft.com/kb/926179
2) On the TMG server, run netsh tmg set global name=BlockSecuredInDefaultState value=0 persistent, as per http://forums.isaserver.org/m_2002104621/mpage_1/key_/tm.htm#2002104688 (then reboot)
3) Create two publishing rules on the TMG server, one which reverse publishes IKE (UDP 500) and the other NAT-T (UDP 4500)
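Step 1 is the one that is easy to get wrong on a client machine, so here is an added PowerShell check I use for it (my own snippet, not from the KB article or from Cisco). It assumes the Vista/7/2008-style registry path that KB926179 documents (HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent); on XP the same value lives under the IPSec service key instead.

```powershell
# Check (and optionally set) the IPsec NAT-T registry value from KB926179.
# Meaning of the DWORD, per the KB:
#   0 (or absent) = IPsec NAT-T not allowed with servers behind NAT
#   1             = server may be behind NAT
#   2             = server and client may both be behind NAT (needed here,
#                   because the client sits behind TMG)
# Value 2 widens which NAT topologies the client will accept, so only set it
# on machines that actually need to run IPsec clients behind a NAT device.
param(
    [switch]$Fix   # pass -Fix to write the value; default is report-only
)

$keyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent'  # assumed path (KB926179, Vista and later)
$valueName = 'AssumeUDPEncapsulationContextOnSendRule'
$wanted    = 2

$current = (Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue).$valueName

if ($null -eq $current) {
    Write-Host "$valueName is not set (behaves as 0: NAT-T to a server behind NAT is not allowed)."
} else {
    Write-Host "$valueName is currently $current."
}

if ($current -eq $wanted) {
    Write-Host 'Setting already correct; nothing to do.'
    return
}

if ($Fix) {
    # Creates the value if missing, overwrites it otherwise. Requires elevation.
    New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord -Value $wanted -Force | Out-Null
    Write-Host "Set $valueName to $wanted. Reboot the client (or restart the IPsec Policy Agent) for it to take effect."
} else {
    Write-Host "Run again with -Fix to set it to $wanted."
}
```

Run it from an elevated prompt on the VPN client; without -Fix it only reports the current value, which is handy when checking a batch of machines.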