• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Problem with SSTP VPN Access

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Forefront Unified Access Gateway 2010] >> Installation >> Problem with SSTP VPN Access Page: [1]
Login
Message << Older Topic   Newer Topic >>
Problem with SSTP VPN Access - 25.Jan.2011 2:52:45 PM   
Benny89

 

Posts: 2
Joined: 25.Jan.2011
Status: offline
Hello everyone,

I have a Secureguard Appliance with Microsoft Forefront UAG and Microsoft TMG.
I have sucessfully configured an SSTP VPN Access in the TMG Managment and it works. After this I defined a couple of rule sets to the restrict the VPN Access to and from the VPN clients. From the VPN clients to the internal LAN I can do everything I want, for example: ping, smb and so one (I have restricted the access to a few protocols). But from the internal LAN I cannot ping the VPN clients, but from the VPN clients to the LAN it works. On the TMG Logs & Reports Section I can see the ping packets and TMG reports that they are blocked:

Log type: Firewall service
Status: The action cannot be performed because the session is not authenticated.
Rule: intern 2 VPN
Source: Internal
Destination: VPN Clients
Protocol: PING
Additional information is empty.

I did a lot of google searches but with no result. Have you any idea? I cannot understand why it blocks the Ping Packets, because a ping cannot be authenticated. But it also blocks SMB and DNS traffic for example. I restricted the rule to the same user, for which I allowed VPN Access.
Thanks a lot.

Yours sincerly Benny
Post #: 1
RE: Problem with SSTP VPN Access - 26.Jan.2011 3:21:27 AM   
Jason Jones

 

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline
Have you defined a fw policy for Internal=>VPN Clients?

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to Benny89)
Post #: 2
RE: Problem with SSTP VPN Access - 26.Jan.2011 4:33:19 AM   
Benny89

 

Posts: 2
Joined: 25.Jan.2011
Status: offline
Yes I have definied a FW policy Internal 2 VPN and one VPN 2 Internal. Both Rules include the same protocols (ping, ICMP, SMB .....), and of course different directions. And these Rules aply to the User Group in which the VPN Users are and to the System and Network Service. As I said before from VPN 2 Internal I can ping and everything but from Internal 2 VPN it does not work.

And today I rebootet the Server and my Static Address Pool Range has gone, I configured it again and rebooted and it vanished again....

< Message edited by Benny89 -- 26.Jan.2011 5:31:35 AM >

(in reply to Jason Jones)
Post #: 3
RE: Problem with SSTP VPN Access - 18.Sep.2013 1:29:09 AM   
mariasam

 

Posts: 1
Joined: 18.Sep.2013
Status: offline
I like it very much thanks for sharing this information with us…. :)

_____________________________

ccda ccda
ccvp ccvp
Post #: 4

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Forefront Unified Access Gateway 2010] >> Installation >> Problem with SSTP VPN Access Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts