



1990 posts

Uber Geek

Trusted
Lifetime subscriber

# 99782 27-Mar-2012 11:33

TMG is currently installed with a wildcard certificate as a reverse proxy for a combination of MS and non-MS HTTPS traffic. I would like to add SSL VPN functionality to the mix, but if I did, what URL would be used for the VPN target?



1990 posts

Uber Geek

Trusted
Lifetime subscriber

  # 600640 27-Mar-2012 11:49

Note: I suspect that SSTP will attempt to bind to 443 and will not share with the Reverse Proxy function. I wonder, however, if I can create an additional listener on another adapter and Reverse Proxy the SSTP traffic to that?

3107 posts

Uber Geek

Trusted
Subscriber

  # 600659 27-Mar-2012 12:20

The SSTP actually binds to IIS. I have it happily sharing with Exchange ActiveSync and Remote Desktop Gateway on my 2008 server (no TMG though).

 
 
 
 




1990 posts

Uber Geek

Trusted
Lifetime subscriber

  # 600673 27-Mar-2012 12:50

Now that I did not know. That changes my approach significantly. Assuming the client passes the URL in the message, I should be good to go with a standalone host.



1990 posts

Uber Geek

Trusted
Lifetime subscriber

  # 600871 27-Mar-2012 18:14

Any tips on diagnosing SSTP behind TMG? I can get to it, confirmed by toggling the user's "dial-in" setting between Allow and Deny and getting the expected 812 error when set to Deny, but when Allow is set I get "registering computer" and then Error 619. I checked this article and the hash on the reverse proxy and the RAS match.

Note: tested this directly and VPN established successfully. TMG reports the traffic being redirected successfully, i.e. no drops or blocks.

3107 posts

Uber Geek

Trusted
Subscriber

  # 601106 28-Mar-2012 09:40

Hmm. I'm afraid you've gone a bit beyond my realm of knowledge there. I'm certain someone here will be able to help with that though.



1990 posts

Uber Geek

Trusted
Lifetime subscriber

  # 601117 28-Mar-2012 10:07

Going to rebuild with an on-domain RAS machine and RODC, I suspect it's a certificate chaining issue. If not, I've read an article where others have made this work by changing the RAS to being unencrypted. I'll update this with my findings.



1990 posts

Uber Geek

Trusted
Lifetime subscriber

  # 601164 28-Mar-2012 11:55

Yes, that worked. Created a server with a FQDN, installed the certificate and installed RAS. Then set that in the reverse proxy and the connection was successful. Seems the certificate path must hold all the way through for this to work; for other end-points I have gotten away with installing their self-signed certificates into TMG.
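The finding above (matching hashes were not enough; the certificate path had to validate end to end) can be checked with a short diagnostic. This is an added example, not part of the original thread: the function names and both host names are hypothetical placeholders, and it is meant to be run on the reverse proxy itself, since that machine's trust store decides whether the RAS server's certificate chains to a trusted root.

```powershell
# Added example. Function names and host names are placeholders, not values from the thread.

function Get-PresentedCertificate {
    # Connects to a TLS endpoint and returns the certificate it presents.
    param([Parameter(Mandatory=$true)][string]$HostName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($HostName, $Port)
        # Accept any certificate here: the goal is to capture it, not to trust it.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        try {
            $ssl.AuthenticateAsClient($HostName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $tcp.Close() }
}

function Test-CertificateChain {
    # Builds the chain against this machine's trust store and reports any break.
    param([Parameter(Mandatory=$true)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Assumption for this example: revocation checking is off, so only the trust path is tested.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $valid = $chain.Build($Certificate)
    New-Object PSObject -Property @{
        Subject    = $Certificate.Subject
        Issuer     = $Certificate.Issuer
        Thumbprint = $Certificate.Thumbprint
        ChainValid = $valid
        ChainDepth = $chain.ChainElements.Count
        Problems   = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Placeholder names: the public name on the TMG listener and the internal RAS FQDN.
$published = Get-PresentedCertificate -HostName 'vpn.example.com'
$internal  = Get-PresentedCertificate -HostName 'ras01.corp.example'

$published, $internal | ForEach-Object { Test-CertificateChain $_ } | Format-List
"Thumbprints match: {0}" -f ($published.Thumbprint -eq $internal.Thumbprint)
```

A result of `ChainValid = False` with a problem such as `UntrustedRoot` or `PartialChain` for the internal endpoint, while the thumbprints match, corresponds to the situation described in the thread.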
