Can't RDP into servers after connecting to PPTP

We have a small business essential server.  Our security server, which has RAS running on it, allows PPTP connections; however, after you connect and get an IP you can't ping or RDP to any of the servers or workstations on the LAN.  Is this a rule on the Forefront management?

corpdsinc Asked:
 
markdmac Commented:
You should not have to power cycle the server.  When you click to apply a rule it will recycle the firewall service, that should only affect Internet traffic momentarily.
 
pwindell Commented:
If the "security server" is a Server running TMG,...then yes, by default no traffic is allowed between VPN users and the LAN.  The only thing establishing the VPN does,...is,...establish the connection,...nothing else.

In TMG you need an access rule such as:

From: "VPN Users Network"
To: "Internal"  (or a specific Computer Object)
Protocols: <whatever is needed>
Users: <whatever is needed>

 
markdmac Commented:
My condolences on your purchase of EBS, at least you will get a free upgrade soon to break it apart and de-mystify it.  There are a number of tweaks you will want to do to make it work, have a look at my collection here: http://www.tek-tips.com/viewthread.cfm?qid=1477396&page=1

Regards,
Mark
 
pwindell Commented:
Sounds like you need a PhD in VooDoo to deploy EBS.


 
markdmac Commented:
I was among the first 3000 people in the US to get certified in it and can tell you the product just wasn't ready for prime time.  I work for a MS Gold Certified Partner and we deployed the first production install of the RTM code worldwide and had lots of problems working with it.  My notes referenced above are from working directly with the MS product team.

The good news is that MS realized their mistake and has killed the product.  People that purchased EBS will get a free upgrade pack in the coming months (June or July I believe).  They will get standalone media that will let them break apart the servers and do away with TMG if they want.
 
pwindell Commented:
The bad news is that MS wasn't sharp enough to see those mistakes before they made them.

I think if someone dropped TMG that would be a bad thing, it is an excellent product, it just takes someone knowing what they are doing with it.  People used to ISA could probably deal with TMG with their eyes closed.

But splitting the product components into separate machines is a good thing,...a very good thing.
 
corpdsinc (Author) Commented:
Thanks guys.  So...what firewall rule do I need to add to allow VPN traffic...sorry I am definitely not a Forefront expert.
 
pwindell Commented:
I gave you the Rule specs in my first post.
 
markdmac Commented:
Did you implement the TMG tweaks I pointed you to?
 
corpdsinc (Author) Commented:
Thanks for all of your help with this.  I am going to make the firewall change now.  Question though, every time I apply a new rule to Forefront TMG the entire network disconnects and the server has to be hard / power cycled.  Is this a known issue?

thanks