How to publish a VPN SSTP using your UAG in a HTTPS trunk

Article
10/12/2011

Configuration:

Win7 RDP6.1 10.10.11.88 (VPN Network 192.168.33.0-192.168.33.255)
|
10.10.11.252 (UAGhttpsTrunk.allinone.com)
UAG
10.10.10.252
|
----------------------------------10.10.10.0/24-----------------------
|
DC(10.10.10.12) ex2010all.allinone.com default gateway of the DC is the UAG. If you have other DefaultGateway the

First think to do is to configure the trunk, you need to have a certificate and the CRL for that certificate must be accessible.

1) Create the trunk

So on the UAG console we start by creating the trunk:

We go to HTTPS Connections -> RClick -> New Trunk - Portal Trunk

I gave the name: UAGHttpsTrunk.allinone.external

On the Authentication Server select the internal DC - ex2010all.allinone.com -> Next

Select a certificate.

Important: (About the certificate, public name and CRL)

The public name of the certificate must match the name of the External name you are going to access.

In my case the VPN connection and trunk are going to be accessed by using the name UAGhttpsTrunk.allinone.external

This certificate has the CRL link that can be accessed correctly. This causes problems if not well configured.

Next - Endpoint Policies I left the Default

Next - Finish

Creating the VPN SSTP

On top we go to Admin go to Remote Network Access and then select SSL Network Tunneling(SSTP)

Select the Trunk we have created UAGhttpsTrunk

Next - on protocols select SSTP

Next - Address Assignment I've created a entry where Start Address is 192.168.33.0 end address is 192.168.33.255 (don't worry about the network 0 and mask address 255, UAG takes care of that).