Smart Card VPN connections

    Hi,

    I was hoping someone could shed some light on my VPN issue.

    I am using TMG2010 as the VPN server. This is a domain member and runs TMG only. It is essentially our internal firewall.
    VPN works fine using PPTP, but I want to have users connect to the VPN using a smart card.

    We currently use smart cards to connect to live servers using RDP.
    I have read many articles, but none explain the config for TMG2010 and Windows Server 2008 R2 DCs.

    I can get the VPN client connection to ask for a smart card but it doesn't allow you to change from the default certificate on that card.

    Is there any way I can use the default user certificate on the card to connect to the VPN?
    The certificate in question is a 'smartcard user' cert and has the following purposes: Smart Card Logon, Client Authentication, Secure Email.

    I would like users to use this certificate and enter their PIN just as they would connecting to a server using RDP.

    Do I need to use NPS on the TMG server at all?

    I have the TMG VPN requesting L2TP only and the client specifically using this protocol.

    I get the following error after attempting:

    "Error 789: The L2TP connection attempt failed because the security layer encountered a processing error during negotiations with the remote computer"

    Checking the logging on the TMG server at the time of connecting, I get two requests from IKE Client.
    The first states it has initiated the connection and completed successfully.
    The second is the graceful shutdown with a three-way handshake.
    No other logs on the TMG server.

    The root certificate is in the trusted root on the TMG server.

    Any help with this is appreciated.

    Friday, 22 June 2012 14:55