Forefront TMG 2010 – remote access via VPN – PPTP – local authentication

Assumptions:

Remote users will be authenticated in local databases(Windows).

We will use PPTP protocol.

Only MS-CHAPv2 is allowed.

 

  • Choose Remote Access Policy (VPN) in left windown

Forefront_tmg2010_ra_vpn0.png

  • Click “Configure Address Assignment Method” and configure address pool for remote access clients

Forefront_tmg2010_ra_vpn1.png

 

in this tutorial we will use static pool

– click “Add”, select TMG server and specify address range for clients

Forefront_tmg2010_ra_vpn2.png

Forefront_tmg2010_ra_vpn3.png

– apply settings,click OK and update TMG configuration by clicking “Apply”.

Forefront_tmg2010_ra_vpn4.png

 

  • Specify Windows Users who can log in remotely via vpn

– click add and choose Windows Local Group

 

Forefront_tmg2010_ra_vpn5.png

– apply changes!

 

  • define VPN access – in this case PPTP

 

Forefront_tmg2010_ra_vpn6.png

– apply changes

 

  • configure authentication methods(MS-CHAP v2).

 

Forefront_tmg2010_ra_vpn6a.png

– apply settings

 

  • define network on which TMG will accept vpn connections(in most External)

Forefront_tmg2010_ra_vpn7.png

– apply changes if any

  •  Configure policy to allow traffic from VPN Client network to Internal

Forefront_tmg2010_ra_vpn8.png

 

– apply changes

 

  • check network rules(default one – routing between VPN and Internal and NAT between VPN and Internet – is OK in most situations)

Forefront_tmg2010_ra_vpn9.png

 

– apply changes

 

  • enable VPN client access

Forefront_tmg2010_ra_vpn10.png

 

  • Test VPN access from remote client( Monitor VPN Clients task)
  • Forefront_tmg2010_ra_vpn10.png

 

dzbanek 2013-01-03