Forefront TMG 2010 - remote access via VPN - PPTP - local authentication

 

 Assumptions:

Remote users will be authenticated against the local Windows account database.

We will use the PPTP protocol.

Only MS-CHAPv2 is allowed.

 

  • Choose Remote Access Policy (VPN) in the left pane

 Forefront_tmg2010_ra_vpn0.png

  • Click "Configure Address Assignment Method" and configure the address pool for remote access clients

Forefront_tmg2010_ra_vpn1.png

 

In this tutorial we will use a static address pool.

 - click "Add", select the TMG server and specify the address range for clients

Forefront_tmg2010_ra_vpn2.png

Forefront_tmg2010_ra_vpn3.png

 - apply settings, click OK and update the TMG configuration by clicking "Apply".

Forefront_tmg2010_ra_vpn4.png

 

  • Specify the Windows users who can log in remotely via VPN

 - click "Add" and choose the Windows local group

 

Forefront_tmg2010_ra_vpn5.png

  - apply changes!

 

  • Define VPN access - in this case PPTP

 

 Forefront_tmg2010_ra_vpn6.png

  - apply changes

 

  • Configure authentication methods (MS-CHAP v2)

 

Forefront_tmg2010_ra_vpn6a.png

  - apply settings

 

  • Define the network on which TMG will accept VPN connections (in most cases External)

Forefront_tmg2010_ra_vpn7.png

 - apply changes if any

  • Configure a policy to allow traffic from the VPN Client network to Internal

 Forefront_tmg2010_ra_vpn8.png

 

  - apply changes

 

  • Check network rules (the default one - routing between VPN and Internal and NAT between VPN and Internet - is OK in most situations)

Forefront_tmg2010_ra_vpn9.png

 

  - apply changes

 

  • Enable VPN client access

Forefront_tmg2010_ra_vpn10.png

 

  • Test VPN access from a remote client (Monitor VPN Clients task)

Forefront_tmg2010_ra_vpn10.png
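
For the test step above, a client-side check that the connection profile is limited to PPTP with MS-CHAPv2 only, matching what the server was configured to accept. This is an added example, not part of the original tutorial; it assumes a Windows 8 / Server 2012 or later client (for the VpnClient cmdlets), and the server name and connection name are placeholders.

```powershell
# Added example: client-side test of the PPTP / MS-CHAPv2-only setup.
# Assumptions (not from the tutorial): server name and connection name below.
$Server   = 'tmg.example.com'   # placeholder: external name or IP of the TMG server
$ConnName = 'TMG-PPTP-Test'     # hypothetical connection name
$Cred     = Get-Credential -Message 'Account in the local group allowed on TMG'

# Create a profile that offers only what the server is configured to accept.
if (-not (Get-VpnConnection -Name $ConnName -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $ConnName -ServerAddress $Server `
        -TunnelType Pptp -AuthenticationMethod MSChapv2 `
        -EncryptionLevel Required
}

# Verify the profile cannot fall back to another tunnel type or auth method.
$vpn     = Get-VpnConnection -Name $ConnName
$methods = @($vpn.AuthenticationMethod)
if ($vpn.TunnelType -ne 'Pptp' -or $methods.Count -ne 1 -or $methods[0] -ne 'MSChapv2') {
    throw "Profile allows more than PPTP + MS-CHAPv2: $($vpn.TunnelType) / $($methods -join ', ')"
}

# Dial the connection. rasdial takes the password as an argument, so run this
# only on a test client where the command line is not logged.
$net = $Cred.GetNetworkCredential()
& rasdial.exe $ConnName $net.UserName $net.Password | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "rasdial failed with error $LASTEXITCODE"
}

try {
    # The client should now hold an address from the static pool defined on TMG.
    $status = (Get-VpnConnection -Name $ConnName).ConnectionStatus
    $addr   = Get-NetIPAddress -InterfaceAlias $ConnName -AddressFamily IPv4
    [pscustomobject]@{
        Status     = $status
        TunnelType = $vpn.TunnelType
        AuthMethod = $methods -join ', '
        ClientIP   = $addr.IPAddress
    }
}
finally {
    # Always hang up so the test session does not stay open on the server.
    & rasdial.exe $ConnName /disconnect | Out-Null
}
```

While the connection is up, the session should also appear under the Monitor VPN Clients task on the TMG server, with a client address inside the configured static pool.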

 

 dzbanek 2013-01-03

 

 
