Forefront TMG 2010 - remote access via VPN - PPTP - local authentication



Remote users will be authenticated against the local Windows account database.

We will use the PPTP protocol.

Only MS-CHAPv2 is allowed.


  •  Choose Remote Access Policy (VPN) in the left window


  • Click "Configure Address Assignment Method" and configure the address pool for remote access clients



In this tutorial we will use a static pool.

 - click "Add", select the TMG server and specify the address range for clients



 - apply settings, click OK and update the TMG configuration by clicking "Apply".



  •  Specify the Windows users who can log in remotely via VPN

 - click "Add" and choose a Windows local group



  - apply changes!


  • define VPN access protocols - in this case PPTP



  - apply changes


  • configure authentication methods (MS-CHAP v2).



  - apply settings


  • define the network on which TMG will accept VPN connections (in most cases External)


 - apply changes if any

  •  Configure a policy to allow traffic from the VPN Clients network to Internal



  - apply changes


  • check network rules (the default ones - routing between VPN and Internal, and NAT between VPN and Internet - are OK in most situations)



  - apply changes


  • enable VPN client access



  •  Test VPN access from a remote client (Monitor VPN Clients task)
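
The final test step can also be scripted on the remote client to confirm that the server accepts MS-CHAP v2 and refuses a weaker method. This is an added example, not part of the original tutorial; the server name and the throwaway profile names are placeholders, and it assumes a Windows 8.1 / Server 2012 R2 or later client.

```powershell
# Added example, not part of the original tutorial.
# Run on a remote client located on the network where TMG accepts VPN connections.
$Server = 'vpn.example.com'   # placeholder: external name or IP of the TMG server
$cred   = Get-Credential -Message 'Member of the local group allowed to use VPN'

function Test-PptpAuth {
    param(
        [string]$AuthMethod,                 # MSChapv2, Chap, ...
        [string]$Encryption = 'Required'
    )
    $name = "tmg-test-$AuthMethod"           # throwaway profile name (constructed)

    # PPTP profile that offers the server exactly one authentication method
    Add-VpnConnection -Name $name -ServerAddress $Server -TunnelType Pptp `
        -AuthenticationMethod $AuthMethod -EncryptionLevel $Encryption -Force

    # rasdial returns 0 on success, otherwise a RAS error code
    rasdial $name $cred.UserName $cred.GetNetworkCredential().Password | Out-Null
    $code = $LASTEXITCODE
    if ($code -eq 0) { rasdial $name /DISCONNECT | Out-Null }

    Remove-VpnConnection -Name $name -Force
    [pscustomobject]@{ AuthMethod = $AuthMethod; Connected = ($code -eq 0); RasCode = $code }
}

# The PPTP control channel must be reachable first (TCP 1723; the tunnel itself also needs GRE)
$port = Test-NetConnection -ComputerName $Server -Port 1723
"TCP 1723 reachable: $($port.TcpTestSucceeded)"

# With the policy configured above, MSChapv2 should connect and Chap should be refused.
# Chap cannot derive MPPE keys, so that profile is created with optional encryption.
Test-PptpAuth -AuthMethod MSChapv2
Test-PptpAuth -AuthMethod Chap -Encryption Optional
```

If the Chap profile connects, the authentication methods on the TMG server are wider than the "only MS-CHAP v2" setting this tutorial intends.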


 dzbanek 2013-01-03


