Forefront TMG - SSTP Issue
Question
-
Hello,
I setted up a VPN Gateway for users remote access. Everything works very well with PPTP, but as some user encounter sometimes issues connecting that way on some Wifi public networks, some hotels, etc., I tried to implement SSTP.
I use a SSL certificate from a public CA
I succeed to make it work, but with a to big issues :
1- If SSTP is enabled, PPTP doesn't work anymore. If i disable SSTP, PPTP restart to work.
2- SSTP session won't end, even if a user disconnect or is disconnected. When he reconnect the VPN Client, it create a new session, and max VPN session number (set to 100) is reached in 8 hours of activity, resulting in VPN client showing error message 807. Usually with PPTP, I have only 30 sessions maximum.
Disabling SSTP, my VPN Gateway recovers full normal behaviour.
When SSTP is enabled and PPTP doesn't work anymore, logs show the following error :
Échec de la connexion / Connexion failed SRV-VPN-01 31/05/2012 11:59:37 Type de journal : Service Pare-feu / Firewall service État : Une tentative de connexion a échoué car le parti connecté n’a pas répondu convenablement au-delà d’une certaine durée ou une connexion établie a échoué car l’hôte de connexion n’a pas répondu. / A connexion attempt failed cause the connected peer did not correctly respond before timeout or the connexion host didn't respond
Règle : [System] Autoriser le trafic du client VPN vers Forefront TMG / Authorize trafic from VPN Client to Forefront TMG Source : Externe (80.214.9.141:1031) Destination : Hôte local (10.183.63.30:1723) Protocole : PPTP 
Informations supplémentaires
- Nombre d'octets envoyés : 0 Nombre d'octets reçus : 0
- Temps de traitement : 20998ms Adresse IP originale du client : 80.214.9.141
I searched for such issue, but didn't succeed to find a similar case. Does somebody have an idea ?
- Déplacé GIRAUD Alexandre - MVP Forefront - 3SR mardi 5 juin 2012 12:09 Forum EN (Origine :Gamme Sécurité : ISA, Forefront, Antigen )
