L2TP VPN on TMG 2010 not working.

L2TP VPN on TMG 2010 not working. - 11.Jul.2011 5:46:36 PM   
miro.lukac

 

Posts: 9
Joined: 15.Feb.2009
Status: offline
Hi guys,
for years we were using ISA 2006EE, two node array. Recently I was playing with the new TMG 2010 on my test setup and I am not able to make simple stupid VPN access work. I have a Hyper-V host, I have a virtual DC server with a new test domain and I have one virtual TMG 2010 enterprise server with two NICs, one internal and one external; TMG is in the domain. Setup was easy, everything works fine except VPN access. I have error 691, basically it says that it is not able to authenticate me. In the logs I see no red errors, only successful connects. The setup is an exact copy of my working setup on ISA 2006, but there is one thing different on TMG: when I am trying to add a group in "Configure VPN Client access" it defaults to the machine instead of my test domain. When I change to my domain and find the group "Domain Users", after adding it I see Namespace:Windows, Group:None, Domain:BATMG1 (name of my TMG server). That is different than on ISA and obviously wrong, I am confused... Please advise/help.
Post #: 1
RE: L2TP VPN on TMG 2010 not working. - 12.Jul.2011 2:49:30 AM   
Xavier_arena

 

Posts: 18
Joined: 11.Apr.2011
Status: offline
hi,

TMG/ISA always defaults to the local TMG/ISA Server when you try to select users from the authentication namespace.
If I understand you correctly, it is possible to select users and groups from Active Directory?
Please check if the RRAS/NPS service from Windows on the TMG Server is correctly configured and started.
Which client OS are the VPN clients running? Windows Vista and 7? Did you try it with an XP client?
http://support.microsoft.com/kb/926179

< Message edited by Xavier_arena -- 12.Jul.2011 2:58:28 AM >


_____________________________

Xavier

(in reply to miro.lukac)
Post #: 2
RE: L2TP VPN on TMG 2010 not working. - 12.Jul.2011 8:51:38 AM   
miro.lukac

 

Posts: 9
Joined: 15.Feb.2009
Status: offline
Hi Xavier,

thanks for reply. Our live ISA 2006 EE setup always defaults to domain, I just double-checked that. My test system defaults to name of TMG server. Hmmm.

Now to your questions:
1. Yes it is possible to select any group in domain and add it, but after that what I see is "no group" and instead of domain is name of server, this is really strange.
2. My setup is DC - Win Server 2008 Std R2 SP1, one LAN interface is what I call SERVER LAN. Fixed IP, forest and domain are Windows 2003 level (I am trying to simulate our domain environment). TMG is the same version Win Server 2008 Std R2 SP1 with TMG 2010 without SP1.
3. Client is the same I am using for live system (same VPN setup except is ISA 2006), it is Windows 7 Ent all last SPs patches,
4. Systems are running on Hyper-V server as guests. SERVER LAN is internal with no connection to physical LAN, EXTERNAL LAN is connected to physical LAN.

RRAS/NPS service is running OK, my client complains about authentication (login/password wrong or is not able to auth.), so I think there is something wrong with my DC (one sign is that strange behaviour while selecting groups).
I will test something but any further ideas are welcome.

Miro

(in reply to Xavier_arena)
Post #: 3
RE: L2TP VPN on TMG 2010 not working. - 18.Jul.2011 4:37:15 AM   
miro.lukac

 

Posts: 9
Joined: 15.Feb.2009
Status: offline
OK. Mystery solved. As a man who knows the VMware virtualization platform a little bit, I was assuming that Hyper-V from Microsoft has the same features, that just have different names. In VMware you can clone a server installation and have a new unique server almost instantly. I was using export virtual and import virtual (Copy mode) to do the same in Hyper-V. It is not the same. I ended up with DC and TMG servers with identical SIDs (ouch). So basically my fault, shortcuts are sometimes longcuts...

(in reply to miro.lukac)
Post #: 4
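
A check for the condition described in post #4, as an added example that is not part of the original thread: it compares the member server's machine SID with the SID of the domain it has joined. It assumes Windows PowerShell run on the domain-joined TMG server; all variable names are illustrative.

```powershell
# Added example (not from the thread). Run on the domain-joined member server.
Add-Type -AssemblyName System.DirectoryServices

# Machine SID: the SID of any local account with its trailing RID removed.
$localAccount = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" |
    Select-Object -First 1
if (-not $localAccount) {
    throw "No local accounts returned; run this on the member server, not on a domain controller."
}
$accountSid = New-Object System.Security.Principal.SecurityIdentifier($localAccount.SID)
$machineSid = $accountSid.AccountDomainSid

# Domain SID: the objectSid attribute of the domain object the computer belongs to.
$domain    = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
[byte[]]$sidBytes = $domain.GetDirectoryEntry().Properties["objectSid"].Value
$domainSid = New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)

"Machine SID : $machineSid"
"Domain SID  : $domainSid ($($domain.Name))"

if ($machineSid.Equals($domainSid)) {
    # Same value on both sides: domain group SIDs can resolve against the local
    # machine, which matches the "Domain: <server name>" symptom in post #1.
    Write-Warning "Machine SID equals the domain SID; consistent with a copied image that was never generalized."
} else {
    "Machine SID and domain SID differ."
}
```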
