When I have users connect over VPN using my Forefront TMG server, I'm having problems with internally used self-signed certificates. The behavior looks like TMG is attempting an inspection and killing it when the certificate isn't in the trusted root store. I've verified this by adding one of the self-signed certs, making that published service available. I would really like to avoid this practice.
My client systems shouldn't be using the HTTPS inspection for any intra-network communication. My internal systems do not display this behavior. How can I adjust the VPN clients to behave in the same fashion?