Welcome to ISAserver.org

Problem with SSTP VPN Access

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [Forefront Unified Access Gateway 2010] >> Installation >> Problem with SSTP VPN Access

Page: [1]

Message

<< Older Topic Newer Topic >>

Problem with SSTP VPN Access - 25.Jan.2011 2:52:45 PM

Benny89

Posts: 2
Joined: 25.Jan.2011
Status: offline

Hello everyone,

I have a Secureguard Appliance with Microsoft Forefront UAG and Microsoft TMG.
I have sucessfully configured an SSTP VPN Access in the TMG Managment and it works. After this I defined a couple of rule sets to the restrict the VPN Access to and from the VPN clients. From the VPN clients to the internal LAN I can do everything I want, for example: ping, smb and so one (I have restricted the access to a few protocols). But from the internal LAN I cannot ping the VPN clients, but from the VPN clients to the LAN it works. On the TMG Logs & Reports Section I can see the ping packets and TMG reports that they are blocked:

Log type: Firewall service
Status: The action cannot be performed because the session is not authenticated.
Rule: intern 2 VPN
Source: Internal
Destination: VPN Clients
Protocol: PING
Additional information is empty.

I did a lot of google searches but with no result. Have you any idea? I cannot understand why it blocks the Ping Packets, because a ping cannot be authenticated. But it also blocks SMB and DNS traffic for example. I restricted the rule to the same user, for which I allowed VPN Access.
Thanks a lot.

Yours sincerly Benny

Post #: 1

Featured Links*

RE: Problem with SSTP VPN Access - 26.Jan.2011 3:21:27 AM

Jason Jones

Posts: 4663
Joined: 30.Jul.2002
From: United Kingdom
Status: offline

Have you defined a fw policy for Internal=>VPN Clients?

_____________________________

Jason Jones | Forefront MVP | Silversands Ltd
My Blogs: http://blog.msedge.org.uk/ and http://blog.msfirewall.org.uk/

(in reply to Benny89)

Post #: 2

RE: Problem with SSTP VPN Access - 26.Jan.2011 4:33:19 AM

Benny89

Posts: 2
Joined: 25.Jan.2011
Status: offline

Yes I have definied a FW policy Internal 2 VPN and one VPN 2 Internal. Both Rules include the same protocols (ping, ICMP, SMB .....), and of course different directions. And these Rules aply to the User Group in which the VPN Users are and to the System and Network Service. As I said before from VPN 2 Internal I can ping and everything but from Internal 2 VPN it does not work.

And today I rebootet the Server and my Static Address Pool Range has gone, I configured it again and rebooted and it vanished again....

< Message edited by Benny89 -- 26.Jan.2011 5:31:35 AM >

(in reply to Jason Jones)

Post #: 3

RE: Problem with SSTP VPN Access - 25.Aug.2011 5:56:33 AM

JIMMY1988

Posts: 5
Joined: 25.Aug.2011
Status: offline

A man was hit by a cab in the street. He was brought to the hospital. His wife who was standing up by his bed, said to the doctor: "I think that he is very

ill." "I am afraid that he is dead."said the doctor,Hearing this, the man moved his head and said: "I'm not dead. I'm still alive." "Be quiet, "said the wife.

"the doctor knows better than you!"
Just then a voice called from outside the door, "If you do, I won't go."

Coach Outlet Stores
Cheap Coach Purses

(in reply to Benny89)

Post #: 4