Publishing Direct Access 2012 via TMG 2010

Hi all,

I have TMG 2010 behind a NAT device to publish my Direct Access 2012. I have published the DA server and opened the built-in system policy regarding Direct Access on TMG. I also enabled the VPN on the Direct Access server.

When I try the VPN connection from outside the organization, it fails. I monitored the incoming requests to my DA server on TMG, and I can see there are no denied incoming requests; there are only 2 types of traffic, Initiated and Closed.

The Initiated one seems OK, but the Closed Connection one mentions that the connection was abortively closed after one of the peers sent an RST packet.

Previously I had a testing environment with exactly the same publishing rule entry on TMG, and it worked perfectly. The only difference between my testing environment and the current one is that the current TMG is behind the NAT device.

Has anyone experienced this? Please advise.

Thanks.

PS: I tested the VPN using a Windows 7 client; the VPN connection error code on the client was 800 (The remote connection was not made because the attempted VPN tunnels failed).



June 26th, 2013 12:42pm

If TMG dropped the RST packet, does it mean TMG cannot forward the request to the destination? If yes, how do I know which party has missed the configuration, TMG or the DA server?
June 26th, 2013 5:18pm

Hi

I worked on such a scenario a few weeks ago: publishing DirectAccess with a TMG appliance.

http://danstoncloud.com/blogs/simplebydesign/archive/2013/04/04/tmg-can-be-a-good-friend-of-directaccess.aspx

The only tricky thing is that IPHTTPS cannot be handled by the standard Web publishing rule. There is no change on DA (unless you want to publish multiple DA on the same public address).

June 26th, 2013 10:50pm

Hello,

Actually my DA publishing is exactly the same as in the link given, which is why it works in the lab environment... I'm confused that it doesn't in the current environment...

June 27th, 2013 4:46am

Are you sure of your edge device configuration in front of your TMG?
June 27th, 2013 10:04am

Well, the packet has arrived at TMG, so I conclude there is no problem from any edge device to TMG. I think the problem is at TMG, or between TMG and DA...

July 1st, 2013 4:30am

OK,

So do you have incoming traffic from your TMG to your Windows Server 2012 server? If not, do you have denied traffic in the live monitoring of your TMG?

July 2nd, 2013 10:31am

This topic is archived. No further replies will be accepted.
