1/ Introduction
After my post about [UAG] SSL Network Tunneling : Connection ended, I will describe the main steps to deploy a VPN gateway through Forefront UAG.
2/ Common part
3/ VPN (SSTP) for Windows Vista or higher
First of all, you will find a brief description of SSTP VPN in this article: How SSTP based VPN connection works.
If the user wants to use the Windows built-in VPN client, we need to allow access in the Network Access Permission section on the Dial-in tab of his Active Directory account properties.
In the Getting Started wizard, at the Network Configuration step, when we define the internal network IP address range, we exclude the IP pool of the VPN clients to avoid a warning / error message while configuring the VPN SSTP feature.
Attention: this IP range must be the same as the one used in the IP Address Assignment of the VPN SSTP settings.
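The range rule above can be checked before touching the wizard. The following is an added example, not part of the original post or of UAG itself: it splits an internal subnet into From/To ranges that leave out the VPN pool, then verifies that the excluded range matches the SSTP IP Address Assignment pool. The subnet, pool values and function names are constructed for illustration.

```python
import ipaddress

def to_int_range(start, end):
    """Return (first, last) as integers, rejecting reversed ranges."""
    first, last = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
    if first > last:
        raise ValueError(f"range start {start} is after end {end}")
    return first, last

def internal_ranges_excluding_pool(internal_cidr, pool_start, pool_end):
    """Split the internal subnet into From/To ranges that leave out the VPN pool."""
    net = ipaddress.IPv4Network(internal_cidr)
    net_first, net_last = int(net.network_address), int(net.broadcast_address)
    pool_first, pool_last = to_int_range(pool_start, pool_end)
    if pool_first < net_first or pool_last > net_last:
        raise ValueError("VPN pool is not inside the internal subnet")
    ranges = []
    if pool_first > net_first:
        ranges.append((net_first, pool_first - 1))
    if pool_last < net_last:
        ranges.append((pool_last + 1, net_last))
    return [(str(ipaddress.IPv4Address(a)), str(ipaddress.IPv4Address(b)))
            for a, b in ranges]

def check_config(internal_ranges, excluded_pool, sstp_assignment):
    """Return a list of problems; an empty list means the ranges are consistent."""
    problems = []
    if to_int_range(*excluded_pool) != to_int_range(*sstp_assignment):
        problems.append("excluded range differs from the SSTP IP Address Assignment pool")
    a_first, a_last = to_int_range(*sstp_assignment)
    for start, end in internal_ranges:
        first, last = to_int_range(start, end)
        if first <= a_last and a_first <= last:  # the two ranges intersect
            problems.append(f"internal range {start}-{end} overlaps the SSTP pool")
    return problems

# Constructed sample values, not taken from the original post.
INTERNAL = "192.168.10.0/24"
POOL = ("192.168.10.200", "192.168.10.220")

if __name__ == "__main__":
    ranges = internal_ranges_excluding_pool(INTERNAL, *POOL)
    print("Internal ranges to enter:", ranges)
    print("Problems:", check_config(ranges, POOL, POOL))
```
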
3.2/ Remote Network Access settings
On the Admin > Remote Network Access menu we choose SSL Network Tunneling (SSTP).
Take care of what I said in chapter 3.1 :).
4/ VPN (SSL) for Windows XP
On the Admin > Remote Network Access menu we choose SSL Network Tunneling.
To access the settings we need to enable Activate SSL Network Tunneling. Then, on the Network Segment tab, don't forget to provide the following settings:
- Advanced Networking configuration, in order to provide the VPN client with the DNS information and the default gateway to use
- On the Connection Name column check if the connected interface is the internal one
On the IP Provisioning tab I choose to use the Corporate IP Addresses setting and to provide an IP pool for each array member.
On the Access Control tab, I let the user use his personal internet connection and not the corporate web proxy.
On the Additional Networks tab it's possible to restrict access to a limited scope of resources.
The server informs us that some IP addresses will be excluded from the client IP pool, then we need to activate the configuration.