UAG 2010 Single server SSL VPN problem

  • Question

  • Hi, I've been trying to set up a UAG server with SSL VPN using Network Connector for 3 days now, and I'm running out of ideas.  Can someone please suggest where I have gone wrong?

    Single Server OS: Windows 2008 R2 Standard 64bit
    Two NICS
    1. Internal NIC 172.25.220.38 MASK 255.255.254.0 no gateway DNS 172.25.0.51
    2. DMZ NIC 172.25.251.25 MASK 255.255.255.0 GW 172.25.251.1 DNS 172.25.0.51
     Static route for 172.16.0.0 MASK 255.240.0.0 172.25.220.1

    I have set up a portal and OWA and I can get to that from the Internet and from internal.

    SSL Network Tunnel (Legacy) (using the same trunk as my owa)
    1. Activated SSL Network Tunneling
    2. Use the Following Connection - Internal
    3. Complementary Data - Only if Network Configuration is Missing
       3.1 DNS 172.25.0.51
       3.2 DNS 172.25.128.43
       3.3 DNS Suffix xxxxxxx
       3.4 WINS 172.25.65.43
       3.5 WINS 172.25.1.54
       3.6 Gateway 172.25.220.1
    4. Pool Type Private IP Range 172.25.205.10 - 172.25.205.250
    5. Access control - Non-Split Tunneling
    6. Create an Access Rule on the UAG TMG allow pool range to internal network.

    Now when I connect the SSL tunnel from the portal I can ping the 172.25.205.10 (gateway) once or twice from the remote client before it stops replying. The remote connection then ends after a minute or so, but I can only receive around 193 bytes of data.

    Any suggestions???

    Thanks

    Cory 
    Wednesday, February 24, 2010 9:24 PM

Answers

  • Your config appears valid, so the next step would be to enable client-side tracing and inspect the logs for the disconnect reason. I recommend opening a support case with Microsoft CSS for this, as troubleshooting at this level is quite complicated.


    Ben Ari
    Microsoft CSS IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Monday, March 1, 2010 9:37 PM
    Monday, March 1, 2010 9:37 PM

All replies

  • In Application Properties for my SSL VPN App, on the Server settings page, I needed to change the Arguments to show -egap IP, where IP is my actual Internet IP, not my DMZ External IP; we have an Internet IP being forwarded to us.

    This fixed the tunnel dropping issue. Then I could troubleshoot the routing issues on my FWSM. All is working now.

    Thanks

    Tuesday, March 2, 2010 4:52 PM