Publishing Direct Access 2012 via TMG 2010


  • Hi all,

    I have TMG 2010 behind a NAT device to publish my DirectAccess 2012. I have published the DA server and opened the built-in system policy regarding DirectAccess on TMG. I also enabled the VPN on the DirectAccess server.

    When I try the VPN connection from outside the organization, it fails. I monitor the incoming requests to my DA server on TMG, and I can see there are no denied incoming requests; there are only 2 types of traffic, Initiated and Closed.

    The Initiated one seems OK, but the Closed Connection one mentions that the connection was abortively closed after one of the peers sent an RST packet.

    Previously I had a testing environment with exactly the same publishing rule entry on TMG, and it works perfectly. The only difference between my testing environment and the current one is that the current TMG is behind the NAT device.

    Has anyone experienced this? Please advise.


    PS: I tested the VPN using a Windows 7 client; the VPN connection error code on the client was 800 (The remote connection was not made because the attempted VPN tunnels failed).

    • Edited by casper000 Wednesday, June 26, 2013 9:45 AM
    Wednesday, June 26, 2013 9:42 AM

All replies

  • If TMG dropped the RST packet, does it mean the TMG cannot proceed the request to the destination? If yes, how do I know which party has missed the configuration, the TMG or the DA server?
    Wednesday, June 26, 2013 2:18 PM
  • Hi

    I worked on such a scenario a few weeks ago: publishing DirectAccess with a TMG appliance.

    The only tricky thing is that IPHTTPS cannot be handled by the standard Web publishing rule. There is no change on DA (unless you want to publish multiple DA on the same public address).

    BenoitS - Simple by Design

    Wednesday, June 26, 2013 7:50 PM
  • Hello,

    Actually my DA publishing is exactly the same as the link given, that's why it works in the lab environment... I'm confused that it doesn't in the current env...

    Thursday, June 27, 2013 1:46 AM
  • Are you sure of your edge device configuration in front of your TMG?

    BenoitS - Simple by Design

    Thursday, June 27, 2013 7:04 AM
  • Well, the packet has arrived at TMG, so I conclude there is no problem from any edge device to TMG. I think the problem is at TMG, or between TMG and DA...

    Monday, July 01, 2013 1:30 AM
  • OK,

    So do you have incoming traffic from your TMG to your Windows Server 2012 server? If not, do you have denied traffic in the live monitoring of your TMG?

    BenoitS - Simple by Design

    Tuesday, July 02, 2013 7:31 AM
  • Hi,

    I can see incoming requests to my DA server in TMG Log & Report, but I cannot be sure the traffic goes to the DA server itself, because just like I said from the beginning, the connection was abortively closed due to the received packet...

    • Edited by casper000 Tuesday, July 09, 2013 10:04 AM
    Monday, July 08, 2013 11:05 AM
  • Just install a network monitor on your URA server. We'll see if it's TMG or DA that closes the connection.

    BenoitS - Simple by Design

    Thursday, July 11, 2013 7:37 PM