Microsoft Forefront UAG 2010 SP1 - remote network access (SSTP) mystery
Posted on 2011-09-26
I have a Forefront UAG https trunk working as a portal site, providing terminal server access. But I can't get remote network access (VPN) to work on the same trunk/portal.
I am using Forefront UAG 2010 SP1
- Private network consists of several segments: 172.16.x.0/24 (where x = 1, 2, or 3)
- Astaro firewall routes between private segments
- router address on each segment is 172.16.x.1
- UAG is dual homed on 172.16.1.11 and with public address xx.xx.xx.xx
- UAG private network is defined as 172.16.1.1 -- 172.16.255.255
Remote network access is enabled (both SSTP and SSL)
- IP address pool for SSTP is 172.17.1.2 -- 172.17.1.253
- IP address pool for SSL is 172.18.1.2 -- 172.17.2.253
The UAG server is a member of the domain. Portal authentication using domain userid/password works just fine. Network access is configured to use the same domain for authentication. At first I had configured only selected domain groups to be allowed to use remote network access, but now I have allowed all users to simplify.
When I try to launch remote network access (click on remote network access icon in UAG portal) the client application seems to launch just fine. Shows as connected. But nothing works.
- Ping to any 172.16.x.x address does not work
- Ping to hostnames does not work
- ROUTE PRINT on the client shows no entries for 172.* addresses
- there is no new virtual adapter showing in ipconfig
Basically, nothing seems to happen and I am at a loss how to debug.
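The symptoms above (client says "connected", but no virtual adapter and no 172.* routes) can be separated into two cases: the SSTP tunnel never actually came up on the client, or it came up but no routes to the private segments were pushed. The following PowerShell script is an added client-side triage example, not from the original post or from Microsoft; it assumes a Windows 7 / PowerShell 2.0 era client, uses the address ranges stated in the post, and assumes the SSTP RAS adapter description contains "SSTP" or "RAS" (placeholder assumption).

```powershell
# Added example: triage a UAG SSTP session that reports "connected" but carries
# no traffic. Not the original poster's code. Assumes Windows 7 / PowerShell 2.0
# (WMI classes rather than the newer Get-Net* cmdlets).

$PrivatePrefix = '172.16.'      # UAG private network from the post (172.16.1.1 - 172.16.255.255)
$SstpPoolPrefix = '172.17.1.'   # SSTP address pool from the post
$AdapterHints = @('*SSTP*', '*RAS*')   # assumption: how the RAS/SSTP virtual adapter is described

function Test-VpnAdapter {
    # Case 1 check: is there an IP-enabled adapter that looks like the SSTP tunnel,
    # and does it hold an address from the SSTP pool?
    $configs = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object { $_.IPEnabled }
    $vpn = $configs | Where-Object {
        $desc = $_.Description
        ($AdapterHints | Where-Object { $desc -like $_ }) -ne $null
    }
    if (-not $vpn) {
        return @{ Present = $false; Address = $null; InPool = $false }
    }
    $addr = ($vpn.IPAddress | Where-Object { $_ -like '*.*' }) | Select-Object -First 1
    return @{
        Present = $true
        Address = $addr
        InPool  = ($addr -ne $null) -and $addr.StartsWith($SstpPoolPrefix)
    }
}

function Get-PrivateNetworkRoutes {
    # Case 2 check: are there any IPv4 routes that would carry 172.16.x.x traffic?
    # Win32_IP4RouteTable is the WMI view of what 'route print' shows.
    Get-WmiObject Win32_IP4RouteTable |
        Where-Object { $_.Destination.StartsWith($PrivatePrefix) } |
        Select-Object Destination, Mask, NextHop, InterfaceIndex, Metric1
}

function Get-RasClientEvents {
    # RasClient writes connection attempts and failures to the Application log;
    # a "connected" client UI with no adapter usually leaves a failure entry here.
    Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'RasClient' } `
        -MaxEvents 20 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# --- run the triage and print a verdict ---
$adapter = Test-VpnAdapter
$routes  = @(Get-PrivateNetworkRoutes)

Write-Host "Active RAS connections (rasdial):"
rasdial    # with no arguments, lists current dial-up/VPN connections or 'No connections'

if (-not $adapter.Present) {
    Write-Host "VERDICT: no SSTP/RAS adapter is up. The tunnel was never established;"
    Write-Host "         check the RasClient events below and the UAG server-side SSTP log."
} elseif (-not $adapter.InPool) {
    Write-Host ("VERDICT: tunnel adapter is up but its address {0} is not from the SSTP pool {1}0/24." -f $adapter.Address, $SstpPoolPrefix)
} elseif ($routes.Count -eq 0) {
    Write-Host ("VERDICT: tunnel is up with address {0} but no routes to {1}0.0/16 were installed;" -f $adapter.Address, $PrivatePrefix)
    Write-Host "         this points at the UAG network-access routing/split-tunnel settings, not at authentication."
} else {
    Write-Host "Tunnel and routes look present; the problem is past the client (firewall/return routes)."
    $routes | Format-Table -AutoSize
}

Write-Host "`nRecent RasClient events:"
Get-RasClientEvents | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt on the client right after the portal's remote network access icon reports "connected". The useful distinction is the verdict: if no adapter exists, the client-side "connected" status is cosmetic and the answer is in the RasClient events and on the UAG server; if the adapter exists but no 172.16 routes do, the tunnel is fine and the UAG network access policy is what needs attention. Note that the route check also covers a related server-side issue visible in the post: the tunnel pool (172.17.1.0/24) lies outside the UAG-defined private network (172.16.x.x), so the internal segments must have a return route for the pool as well, otherwise pings will fail even with client routes present.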