Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

TMG not allowing certain traffic from VPN

Posted on 2009-07-15
2
704 Views
Last Modified: 2012-06-22
Hi,

This is my first EBS 2008 installation and my first time working with Forefront-TMG so please bear with me!

We have a number of users who use VPN to access their Outlook mailboxes. Whilst I am planning on moving them to direct connection (RPC / Outlook Anywhere etc) for the moment, it is convenient to continue like this.

I have setup rules etc as best I can and the VPN now appears to be mainly ok but I am noticing certain protocols & traffic are being blocked. I have checked the logs and from what I can tell, this traffic does not appear to be "named" as the user.

By this I mean when logging in to the VPN remotely I can ping hosts on this network, I can RDP, I can NetBIOS onto all the servers etc, but when I try and use outlook, TMG does not see my VPN username (when viewing in the log) and therefor the Outlook traffic hits the default rule and gets blocked.

I have attached both a text log of this and a screenshot as I'm finding it hard to explain! The log as the most info in and is best viewed with word wrap off, the screenshot just underlines what I'm trying to say.

I have setup the VPN to have the same addresses as the LAN and it gets these via DHCP so the IP address in these logs (192.168.0.90) is my home server connected via VPN. In the screenshot you can see all the allowed traffic in black with the domain & username listed but on the failed Outlook RPC packets it does not have the admin listed although it is still coming in via the VPN and is listed as the "VPN Clients" network (it has to be hitting via VPN or else it would not have an internal IP against it)

I am guessing I must have to add another rule or something but I am blowed if I can work out how to do this! In effect this traffic is internal to internal so I don't see how to add this.

Many thanks

Stephan
Academy Networks
Screenshot.jpg
log.txt
0
Comment
Question by:academynetworks
  • 2
2 Comments
 

Author Comment

by:academynetworks
ID: 24867667
Anyone? :)
0
 

Accepted Solution

by:
academynetworks earned 0 total points
ID: 24868316
Ok I worked it out. I believe I had to add an allow all outbound from VPN clients to internal for this to work. I already had an allow all outbound to external so I just added to this. Anyone know if this is considered safe?...

Allow > All Networks (and localhost) + VPN Clients > External & inbound.

I am guessing it's all outbound so is ok, but a confirmation would be great.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Configure TMG 2010 as a transparent Proxy 9 856
ForFront TMG Server Error 8 101
IRM and Office 2016 5 385
ForeFront TMG error 7 19
ISA Server detected routes through the network adapter LAN that do not correlate with the network to which this network adapter belongs What does this mean and how can one go about correcting it? In simple terms, this error message indicates t…
Forefront is the brand name for Microsoft's major security product. Forefront covers a number of specific security areas and has 'swallowed' a number of applications under this umbrella including Antigen, ISA Server, the Integrated Access Gateway (t…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question