• Status: Solved

Essential Business Server (EBS) VPN lack of access

We have a standard Essential Business Server (EBS) installation with Forefront TMG etc. Clients can VPN in and appear in the TMG and routing and remote access logs, but with a status of “Not NAP Capable”. Although clients appear to be logged in, they have no access to network resources. A ping to any network device doesn’t work, and neither does a ping from the network back to the client.
Asked:
TwoBobBit
1 Solution
 
Cliff Galiher Commented:
EBS does not set up NAP by default, so the not NAP capable is expected. It is not a sign of a problem.

As far as not being able to ping, ICMP traffic is not allowed by TMG by default either. So again, expected behavior. You should, however, be able to use "normal" protocols just fine (HTTP, etc.). If you need more, you need to define the firewall rules separately via the TMG console.

-Cliff
 
TwoBobBit (Author) Commented:
You say we should be able to use standard protocols, but I haven’t found anything we can do across the VPN: Outlook to Exchange server won’t connect, I can’t browse shares or drives, can’t run applications, etc. Are you saying I will need to set up TMG firewall rules for basically each and every protocol someone might need when away from the office? Surely that negates the idea of having the firewall in the first place. At our other sites (not on TMG) we just have a few firewall rules for specific protocols, i.e. Mail, Blackberry and VPN.
 
Cliff Galiher Commented:
Yes, you create rules to allow traffic. I have no idea why that negates the idea of having a firewall. Exactly the opposite is true. If a firewall lets everything through then why have a firewall?!?
 
TwoBobBit (Author) Commented:
We have the rules set up when EBS was installed, which look as though they should allow us to do the things we want to. Have tried adding rules but this seems to make no difference.
 
Cliff Galiher Commented:
Via the TMG console, use the reporting function to view denied traffic. You can then see if the traffic fits the parameters you expect.

-Cliff
 
TwoBobBit (Author) Commented:
What looks to be happening is I start the VPN - Client machine gets message "Successfully connected to" etc., Server logs show connection. TMG console reporting shows "Denied Connection", Log Type - Firewall service, Status - Blank, Rule - Default Rule, Source - VPN Clients.

Thanks
 
Cliff Galiher Commented:
So the default rule is kicking in. Which means your allow rules are not configured properly, so it isn't a match. Revisit your rules.

-Cliff
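
The situation in the last two posts (a connection from VPN Clients denied by the Default Rule because no allow rule matches every element), shown as an added example that is not part of the original thread and is not TMG's own code: a simplified first-match model that reports which element of each rule failed to match. The policy, the allow-rule names and the protocol labels are constructed, and user sets, schedules and other rule elements are left out.

```python
from dataclasses import dataclass

ANY = "*"  # wildcard: the rule element accepts every value

@dataclass(frozen=True)
class Rule:
    name: str
    action: str           # "Allow" or "Deny"
    protocols: frozenset  # protocol labels the rule applies to
    sources: frozenset    # source network names ("From")
    dests: frozenset      # destination network names ("To")

@dataclass(frozen=True)
class Conn:
    protocol: str
    source: str
    dest: str

def mismatches(rule, conn):
    """Return the rule elements this connection fails to satisfy."""
    checks = (("protocol", rule.protocols, conn.protocol),
              ("source network", rule.sources, conn.source),
              ("destination network", rule.dests, conn.dest))
    return [f"{label}: {value!r} not in {sorted(allowed)}"
            for label, allowed, value in checks
            if ANY not in allowed and value not in allowed]

def evaluate(rules, conn):
    """Ordered first-match evaluation: (matching rule, trace of skipped rules)."""
    trace = []
    for rule in rules:
        why = mismatches(rule, conn)
        if not why:
            return rule, trace
        trace.append((rule.name, why))
    raise ValueError("policy has no catch-all default rule")

# Constructed policy; the two allow-rule names are hypothetical.
POLICY = [
    Rule("Allow SMB Internal", "Allow", frozenset({"CIFS"}), frozenset({"Internal"}), frozenset({"Internal"})),
    Rule("Allow web for VPN", "Allow", frozenset({"HTTP", "HTTPS"}), frozenset({"VPN Clients"}), frozenset({"Internal"})),
    Rule("Default Rule", "Deny", frozenset({ANY}), frozenset({ANY}), frozenset({ANY})),
]

if __name__ == "__main__":
    conn = Conn("CIFS", "VPN Clients", "Internal")  # share browsing over the VPN
    rule, trace = evaluate(POLICY, conn)
    print(f"{conn} -> {rule.action} by {rule.name!r}")
    for name, why in trace:
        print(f"  skipped {name!r}: {'; '.join(why)}")
```

In this model the share-browsing connection is denied because the SMB rule lists only Internal as its source network, the same kind of per-element comparison to make between a denied log entry and each allow rule.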