remote-management of my ssl-vpn-clients...

  • Question

  • ...hi @ll,

    i configured my ssl-vpn via portal and it works fine with 7/sstp and xp/networkconnector. my external clients are able to reach internal structures.

    now i like to manage my external clients from internal, like rdp them for remote-help. when i create an accessrule in tmg (internal - vpn-clients - all outbound) i can reach my external 7/sstp-clients, but not my xp/networkconnector-clients.

    when i connect my 7/sstp-clients via rdp the ssl-session is disconnected, because i switched the logged on user.

    any ideas how to handle this?

    tia, jens mander...

    gruss, jens mander aka karsten hentrup - www.aixperts.de - www.forefront-tmg.de - www.hentrup.net |<-|
    Monday, September 6, 2010 9:25 AM

Answers

  • This is probably because of routing - make sure that if the NC clients are getting assigned with IP addresses that are outside your subnet, that your default gateway "knows" to route traffic for them to the UAG's internal NIC. If it is, then use the TMG monitoring to see if RDP traffic is received from your computer, and if it is blocked or allowed. If it is blocked, then your network on UAG may not be configured correctly. If it is coming through, then a Network Monitor capture may shed some light on this (for example - perhaps the RDP traffic is received by the clients, but they don't have their network configured correctly, to send the traffic back).
    Ben Ari
    Microsoft CSS UAG/IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Tuesday, September 7, 2010 11:40 PM
    Tuesday, September 7, 2010 11:39 PM
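
The routing condition from the answer above, written out as a check. This is an added example, not part of the original thread and not Microsoft tooling: it does a longest-prefix match over the default gateway's route table to see whether replies to Network Connector pool addresses go to the UAG's internal NIC. All addresses, the route table and the function names are constructed sample values.

```python
import ipaddress

def next_hop(routes, dest):
    """Longest-prefix match: return the gateway a router would pick for dest."""
    dest = ipaddress.ip_address(dest)
    best = None
    for prefix, gateway in routes:
        net = ipaddress.ip_network(prefix)
        if dest in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else None

def check_return_path(internal_subnet, nc_pool, uag_internal_ip, gateway_routes):
    """Classify how internal hosts' replies to NC-pool addresses are routed."""
    subnet = ipaddress.ip_network(internal_subnet)
    pool = ipaddress.ip_network(nc_pool)
    if pool.subnet_of(subnet):
        # Pool is inside the internal subnet: the answer's routing
        # condition (pool outside the subnet) does not apply.
        return "pool-inside-subnet"
    # Check the first and last pool address so a partial route is caught.
    hops = {next_hop(gateway_routes, str(pool[0])),
            next_hop(gateway_routes, str(pool[-1]))}
    if hops == {uag_internal_ip}:
        return "routed-to-uag"
    return "misrouted"

# Constructed sample values (assumptions, not taken from the thread).
INTERNAL_SUBNET = "192.168.10.0/24"
NC_POOL = "172.16.50.0/24"
UAG_INTERNAL_IP = "192.168.10.5"
GATEWAY_ROUTES = [
    ("0.0.0.0/0", "203.0.113.1"),      # default route to the upstream router
    ("192.168.10.0/24", "on-link"),    # internal subnet
]
FIXED_ROUTES = GATEWAY_ROUTES + [(NC_POOL, UAG_INTERNAL_IP)]

if __name__ == "__main__":
    print(check_return_path(INTERNAL_SUBNET, NC_POOL, UAG_INTERNAL_IP, GATEWAY_ROUTES))
    print(check_return_path(INTERNAL_SUBNET, NC_POOL, UAG_INTERNAL_IP, FIXED_ROUTES))
```

With the sample table, replies to the pool follow the default route away from the UAG until a route for the pool via the UAG's internal NIC is added; this is consistent with clients being able to initiate connections inward while connections initiated from the internal network fail.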

All replies

  • hi ben,

    routing is o.k. my external ssl-vpn-clients can reach my internal infrastructure (ping, etc.).

    i can manage my sstp-ssl-vpn-clients (o.k. - rdp is quickly dying - 'cause no rich-sstp-client in use) - but not my network-connector-ssl-vpn-clients!

    btw. no personal firewalls are turned on!


    gruss, jens mander aka karsten hentrup - www.aixperts.de - www.forefront-tmg.de - www.hentrup.net |<-|
    Wednesday, September 8, 2010 7:28 PM
  • Hi Jens

    Did you get this solved? I'm having the exact same problem. I also have a support case about this problem.

    -teemu

    br -teemu
    Wednesday, December 22, 2010 7:51 AM
    Wednesday, December 22, 2010 7:51 AM