Printable View
We have TMG 2010 on Server 2008 R2. The TMG acts as our proxy server and has a 443 HTTPS listener installed.
Is it still possible to use this same server to act as an RDP gateway (I believe this also uses port 443) to we can VPN to it from outside and let this server forward our RDP session to any internal machine? Is this something that is normally done or do we HAVE to have a separate server for VPN RDP purposes?
yes you can if you have external DNS host name for example remote.yourschool.sch.uk and set up a new listener and add this in the domain list
Yes, so long as your TMG is setup to use a https listener so that it can crack open the traffic you'll be fine. The TMG can redirect based on folders and RDP gateway so you can redirect to different servers if it needs to, we do the same with OWA and RemoteApp on one SSL connection.
Thanks both. Currently we have the normal HTTPS listener in TMG (443) which is used for accessing secure internal sites from outside. We have requested a new subdomain from our LA just for vpn purposes.
Just to clarify, can we use the same HTTP web listener or do we have to make a new one in TMG? Our LA only allows RDP gateway over 443.
I would create a new HTTPS listener for this. and call it like VPN or somthing with the subdomain name of like vpn.myschool.sch.uk ect so all traffic that comes via port 443 with the hostname vpn.myschool.sch.uk then forward to pc xxx.xxx.xxx.xxx
Just a quick question - is there any particular reason you're not using TMG as your VPN?
So long as you are endpointing the SSL tunnel on the TMG so that you can use ruels to split the traffic to different servers based on url folders. We use rules to split off RD Gateway from OWA on different servers here via ISA. TMG was a bit of a horror show for us, five rebuilds later it never worked right and we just went back to ISA.Quote:
Originally Posted by nLinked
Thanks that sounds like exactly what we need. Will give it a go and update.Quote:
Originally Posted by MicrosoftTechy
We're on LGfL2 now but previously we had VPN working fine with PPTP and MSCHAP configured on TMG, but LGfL2 won't allow PPTP for security reasons, but they do offer an RDP Gateway. They said we can host our own RDP gateway on our own TMG via 443.Quote:
Originally Posted by pantscat
Quick question, if I try to make a new Access Rule, then the properties for the rule don't show a Listener tab so I can't assign the newly created HTTPS listener to the rule. Would a Web Publishing Rule (which does have the Listener tab) be correct in this case?Quote:
Originally Posted by MicrosoftTechy
Attachment 15222
Change to SSTP type VPN? That's what I'm about to try out here with Forefront... (SSTP uses port 443).Quote:
Originally Posted by nLinked
That looks interesting. But this article says XP won't work with SSTP. Is that true? So XP home users won't be able to VPN in with SSTP? And in that case I suppose Linux too?Quote:
Originally Posted by pantscat
You're absolutely correct. I'm only allowing "school machines" to VPN in... thus Win7 only.
As far as I know there isn't any SSTP client support for anything other than Win7 (Win8!) and Win 2008.
Thanks, we have all Win7 machines inside which is fine, but what about users connecting from home? Do they also have to be Win7?Quote:
Originally Posted by pantscat
new access rule
Thanks, but when I try that and go it's properties, there's no Listener tab for me to assign the newly created listener to it. Maybe I'll try one of the others and see how it goes...Quote:
Originally Posted by MicrosoftTechy
Attachment 15224
