Problems connecting to resources on a VPN Network via TMG

townsma used Ask the Experts™
I have set up a TMG gateway, for outbound all works well.  I am now trying to set up a VPN into the system to access SQL Servers etc.

I have followed all the instructions I can find, and all seems well.  I am accessing the VPN from a Windows 7 laptop.

When I try to connect, I am prompted for the login credentials, which I enter, and it says they are accepted.  Windows 7 reports I am connected.  If I try IP config, the VPN network has a valid IP address from the corporate network.

But if I try to ping any of the servers on that network I cannot.  I also cannot access the SQL Server by using the SQL Man Studio.

I tried to ping by server name to the SQL server, and I get a reply, but from an IP address I do not recognise.

I have spent a lot of time on this, and am pulling out my hair.

I would welcome any advice.

Most Valuable Expert 2011

Making the VPN connect ONLY does just that, makes the VPN connect.

However that in no way grants you access to anything.  All you did when you authenticated is be granted the permissions to establish the VPN Tunnel itself,...but nothing beyond that.

Everything from that point forward depends, and is entirely controlled by,...Access Rules.   Having Access to Ping does not give you access to SQL,..and having access to SQL does not give you the ability to Ping.  So using Ping to test anything is pointless and the only thing it ever would really test is if you had access to Ping.

So your Access Rule would be something like:

From: VPN Clients Network
To: (Either Internal or Computer Sets, or Address Sets, or <well you should get the point>)
Protocols: <List of Protocols>
Users: (Either "All Users" for anonymous, or use specific User Sets)

I do not recommend Anonymous ("All Users")
Most Valuable Expert 2011

Because the Client is Windows 7,...when targeting a machine to contact you will likely have to use the FQDN.  Using the Netbios Name worked fine in XP and older, but in my experience with Windows 7 you'd have to use the FQDN based on the AD Domain.  That is what I have run into trying to use the Remote Desktop Client in Windows 7 to contact a Terminal Server on the LAN, the SQL Client Application may exhibit the same behavior.

AD Domain = juicyfruit.loc
SQL Server = happydata
FQDN = happydata.juicyfruit.loc


I understand that my access is based on the access rules, and I have a rule already as you suggest.

I have also tried connecting to the SQL Server using the NETBIOS name, the FQDN, the IP returned from the PING, and the IP of the actual server.  But none of them connect.  All return server not found.

Most Valuable Expert 2011

If the SQL Server is not in the same IP Segment that the VPN Client gets an IP# from,...then the Client must be sure to have enabled "use gateway on remote network" in their Dialup Connectoid.

Beyond that, there isn't much I could do without seeing the thing for myself and there isn't any way I can do that.


The SQL Server is on the same IP Subnet as the TMG Server, and hence VPN server, plus I have already selected "use gateway on remote network".

Thanks for trying anyway.
Most Valuable Expert 2011
The TMG live Monitoring Log should give you some kind of view as to what is happening if you filter out all the other log noise.
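
Added example, not posted by anyone in this thread: a client-side check that separates the two symptoms discussed above (the server name resolving to an unfamiliar address, and the SQL connection failing) by testing name resolution and a TCP handshake instead of ping. The function names, the `192.168.1.0/24` subnet and port 1433 (SQL Server's default TCP port) are assumptions; the FQDN is the one used as an illustration above.

```python
import ipaddress
import socket


def resolve_ipv4(name):
    """Return the IPv4 addresses the client's resolver gives for `name`."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def tcp_open(address, port, timeout=3.0):
    """True only if a TCP handshake to address:port completes (no ICMP involved)."""
    try:
        with socket.create_connection((address, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(name, port, internal_net, resolver=resolve_ipv4, probe=tcp_open):
    """Classify why a VPN client cannot reach name:port on the internal network."""
    net = ipaddress.ip_network(internal_net)
    addresses = resolver(name)
    if not addresses:
        return "NAME_NOT_RESOLVED", addresses
    inside = [a for a in addresses if ipaddress.ip_address(a) in net]
    if not inside:
        # Likely answered by a resolver that does not know the internal zone,
        # so the client is talking to the wrong host entirely.
        return "RESOLVED_OUTSIDE_INTERNAL_NET", addresses
    if any(probe(a, port) for a in inside):
        return "TCP_OK", inside
    # Name is right but the handshake fails: check the access rule's
    # protocol list and the gateway log for a denied connection.
    return "TCP_BLOCKED_OR_DOWN", inside


if __name__ == "__main__":
    # FQDN is the thread's illustration; subnet and port are assumptions.
    print(diagnose("happydata.juicyfruit.loc", 1433, "192.168.1.0/24"))
```

Run it on the VPN client while the tunnel is up; a result of `TCP_BLOCKED_OR_DOWN` is the case where the gateway's live log is the next place to look.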
