Welcome to ISAserver.org

Problem with SSTP VPN Access

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [Forefront Unified Access Gateway 2010] >> Installation >> Problem with SSTP VPN Access

Page: [1]

Message

<< Older Topic Newer Topic >>

Problem with SSTP VPN Access - 25.Jan.2011 2:52:45 PM

Benny89

Posts: 2
Joined: 25.Jan.2011
Status: offline

Hello everyone,

I have a Secureguard Appliance with Microsoft Forefront UAG and Microsoft TMG.
I have sucessfully configured an SSTP VPN Access in the TMG Managment and it works. After this I defined a couple of rule sets to the restrict the VPN Access to and from the VPN clients. From the VPN clients to the internal LAN I can do everything I want, for example: ping, smb and so one (I have restricted the access to a few protocols). But from the internal LAN I cannot ping the VPN clients, but from the VPN clients to the LAN it works. On the TMG Logs & Reports Section I can see the ping packets and TMG reports that they are blocked:

Log type: Firewall service
Status: The action cannot be performed because the session is not authenticated.
Rule: intern 2 VPN
Source: Internal
Destination: VPN Clients
Protocol: PING
Additional information is empty.

I did a lot of google searches but with no result. Have you any idea? I cannot understand why it blocks the Ping Packets, because a ping cannot be authenticated. But it also blocks SMB and DNS traffic for example. I restricted the rule to the same user, for which I allowed VPN Access.
Thanks a lot.

Yours sincerly Benny

Post #: 1

Featured Links*

RE: Problem with SSTP VPN Access - 26.Jan.2011 3:21:27 AM

Jason Jones

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline

Have you defined a fw policy for Internal=>VPN Clients?

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to Benny89)

Post #: 2

RE: Problem with SSTP VPN Access - 26.Jan.2011 4:33:19 AM

Benny89

Posts: 2
Joined: 25.Jan.2011
Status: offline

Yes I have definied a FW policy Internal 2 VPN and one VPN 2 Internal. Both Rules include the same protocols (ping, ICMP, SMB .....), and of course different directions. And these Rules aply to the User Group in which the VPN Users are and to the System and Network Service. As I said before from VPN 2 Internal I can ping and everything but from Internal 2 VPN it does not work.

And today I rebootet the Server and my Static Address Pool Range has gone, I configured it again and rebooted and it vanished again....

< Message edited by Benny89 -- 26.Jan.2011 5:31:35 AM >

(in reply to Jason Jones)

Post #: 3

RE: Problem with SSTP VPN Access - 18.Sep.2013 1:29:09 AM

mariasam

Posts: 1
Joined: 18.Sep.2013
Status: offline

free solitaire online

< Message edited by mariasam -- 10.Nov.2015 4:51:18 AM >

Post #: 4

RE: Problem with SSTP VPN Access - 29.Jan.2015 4:31:24 AM

Atifrazagg

Posts: 2
Joined: 29.Jan.2015
Status: offline

Hi People,
My company runs ISA 2006 SP1 on a Windows server 2003 SP2 box. Configuration is a simple Edge Firewall configuration. Our ISP used routers to configure our WAN, so our ISA NAT's traffic to the router which pushes traffic to the internet.
Recently, my CEO asked us to implement a separate network that our guests can utilize without them having access to our internal network. We configured a separate network and added a sub interface on our router.

http:www.leatherhomes.com

< Message edited by Atifrazagg -- 7.Jan.2017 6:47:17 AM >

(in reply to mariasam)

Post #: 5