

How to publish a VPN SSTP using your UAG in a HTTPS trunk

Configuration:

Win7 RDP6.1 10.10.11.88   (VPN Network 192.168.33.0-192.168.33.255)
|
10.10.11.252 (UAGhttpsTrunk.allinone.com)
UAG
10.10.10.252
|
----------------------------------10.10.10.0/24-----------------------
|
DC(10.10.10.12) ex2010all.allinone.com default gateway of the DC is the UAG. If you have other DefaultGateway the

The first thing to do is configure the trunk. You need a certificate, and the CRL for that certificate must be accessible.

1) Create the trunk

So on the UAG console we start by creating the trunk:

Go to HTTPS Connections -> right-click -> New Trunk -> Portal Trunk

I gave the name: UAGHttpsTrunk.allinone.external

On the Authentication Server step, select the internal DC - ex2010all.allinone.com -> Next

Select a certificate.

Important: (About the certificate, public name and CRL)

The public name of the certificate must match the external name that clients are going to access.

In my case the VPN connection and trunk are going to be accessed by using the name UAGhttpsTrunk.allinone.external

This certificate has a CRL link that can be accessed correctly. A CRL that is not reachable or not well configured causes problems.

Next - Endpoint Policies: I left the default

Next - Finish

Creating the VPN SSTP

In the top menu, go to Admin, then Remote Network Access, and select SSL Network Tunneling (SSTP)

Select the trunk we created, UAGhttpsTrunk

Next - on Protocols select SSTP

Next - Address Assignment: I created an entry where the start address is 192.168.33.0 and the end address is 192.168.33.255 (don't worry about the network 0 and mask address 255, UAG takes care of that).

ACTIVATE

Save / Activate

CLIENT CONFIGURATION

Control Panel\All Control Panel Items\Network and Sharing Center

Set up a new connection or network

Next - Create a new connection

Next - Use my Internet connection (VPN)

Next - Add the address of the trunk

Next - User name and password

VPN Connected

You are able to access the internal DNS on the DC (10.10.10.12) successfully

This is working.
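
If the connection fails instead, the two certificate requirements from the "Important" note above (name match and reachable CRL) can be checked from an external client. The following PowerShell script is an added example, not part of the original post: it assumes the trunk listens on port 443, uses the post's external name as the default, and Test-NameMatch is a helper defined only for this example.

```powershell
# Added example (not from the original post): check the trunk certificate the way
# an SSTP client does. Run it from a machine on the external side of the UAG.
param(
    [string]$TrunkName = 'UAGhttpsTrunk.allinone.external',  # external name from the post
    [int]$Port = 443                                          # assumed HTTPS trunk port
)

function Test-NameMatch([string]$HostName, [string]$CertName) {
    # A wildcard covers exactly one left-most label; everything else must be equal.
    if ($CertName.StartsWith('*.')) {
        $dot = $HostName.IndexOf('.')
        return ($dot -gt 0) -and ($HostName.Substring($dot) -ieq $CertName.Substring(1))
    }
    return ($HostName -ieq $CertName)
}

# Fetch the certificate the trunk presents. The callback accepts anything because
# the certificate is only captured here; validation is done explicitly below.
$tcp = New-Object System.Net.Sockets.TcpClient($TrunkName, $Port)
try {
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
    $ssl.AuthenticateAsClient($TrunkName)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
} finally { $tcp.Close() }

# Names on the certificate: subject CN plus every value in the SAN extension (OID 2.5.29.17).
$names = @($cert.GetNameInfo('SimpleName', $false))
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if ($san) { $names += $san.Format($false) -split ',\s*' | ForEach-Object { ($_ -split '=', 2)[-1] } }
$nameOk = @($names | Where-Object { Test-NameMatch $TrunkName $_ }).Count -gt 0

# Build the chain with online revocation checking, which forces the CRL download.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'Online'
$chainOk = $chain.Build($cert)
$revocation = @($chain.ChainStatus | Where-Object { $_.Status -match 'Revo' })

# CRL distribution points (OID 2.5.29.31): the URLs that must be reachable externally.
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }

New-Object PSObject -Property @{
    Subject      = $cert.Subject
    NameMatches  = $nameOk
    ChainValid   = $chainOk
    RevocationOk = ($revocation.Count -eq 0)
    Revocation   = ($revocation | ForEach-Object { $_.StatusInformation.Trim() }) -join '; '
    CrlUrls      = $(if ($cdp) { $cdp.Format($true) } else { 'none listed' })
}
```

A chain status of RevocationStatusUnknown or OfflineRevocation means the client could not download the CRL from the URLs listed in CrlUrls. NameMatches being False means the name typed into the VPN connection is not one of the names on the certificate.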

Comments

  • Anonymous
    January 01, 2003
    Hello all. Visit the blog of the Microsoft Support Portuguese IT community: blogs.technet.com/.../suporte Good reading! :D

  • Anonymous
    October 14, 2011
    I was making a mistake: I was just creating the entry in the Portal with the Remote Access and it was not working. I needed to create the entry in the Admin part. Searched for this and it worked. Thanks.

  • Anonymous
    November 18, 2011
    Thanks for your great article on How to publish a VPN SSTP using your UAG in a HTTPS trunk. Can you please tell me if the UAG server has to be a member of the domain in order for authentication to work with VPN SSTP? Everything is working for me except authentication - my UAG server is not a member of my domain. Thanks!