How to publish an SSTP VPN using your UAG in an HTTPS trunk
Win7 RDP6.1 10.10.11.88 (VPN Network 192.168.33.0-192.168.33.255)
|
10.10.11.252 (UAGhttpsTrunk.allinone.com)
UAG
10.10.10.252
|
----------------------------------10.10.10.0/24-----------------------
|
DC (10.10.10.12) ex2010all.allinone.com
The default gateway of the DC is the UAG. If you have other DefaultGateway the
The first thing to do is to configure the trunk. You need a certificate, and the CRL for that certificate must be accessible.
1) Create the trunk
So on the UAG console we start by creating the trunk:
We go to HTTPS Connections -> right-click -> New Trunk -> Portal Trunk
I gave the name: UAGHttpsTrunk.allinone.external
On the Authentication Server select the internal DC - ex2010all.allinone.com -> Next
Select a certificate.
Important: (About the certificate, public name and CRL)
The public name of the certificate must match the external name you are going to access.
In my case the VPN connection and trunk are going to be accessed by using the name UAGhttpsTrunk.allinone.external
The CRL link in this certificate can be accessed correctly. If the CRL is not reachable, or the name does not match, the connection runs into problems.
Next - Endpoint Policies I left the Default
Next - Finish
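The two certificate requirements from the "Important" note (name matches the external name, CRL link reachable) can be checked from a client machine before the VPN is configured. This is an added example, not part of the original post; it works on a dict in the shape Python's ssl getpeercert() returns, and the sample certificate and the CRL host crl.example.test are constructed placeholders.

```python
import socket, ssl, urllib.request

def cert_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:  # no SAN: fall back to the subject common name
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn
                 if k == "commonName"]
    return names

def name_matches(pattern, host):
    """Exact match, or a single left-most '*' label, case-insensitive."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def http_fetch(url, timeout=10):
    """True if the CRL URL answers 200 with a non-empty body."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as r:
            return r.status == 200 and len(r.read(64)) > 0
    except (OSError, ValueError):
        return False

def check_trunk_cert(cert, external_name, fetch=http_fetch):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    names = cert_names(cert)
    if not any(name_matches(n, external_name) for n in names):
        problems.append(f"name mismatch: {external_name} not in {names}")
    cdps = cert.get("crlDistributionPoints", ())
    if not cdps:
        problems.append("no CRL distribution point in certificate")
    for url in cdps:
        if not url.lower().startswith(("http://", "https://")):
            problems.append(f"CRL URL not HTTP(S), not checked: {url}")
        elif not fetch(url):
            problems.append(f"CRL not reachable: {url}")
    return problems

def live_cert(host, port=443, cafile=None):
    """Fetch the trunk certificate; cafile is the issuing CA for a lab PKI."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # the name is checked by check_trunk_cert
    with socket.create_connection((host, port), timeout=10) as s:
        with ctx.wrap_socket(s, server_hostname=host) as t:
            return t.getpeercert()

# Constructed sample in getpeercert() shape; the CRL host is a placeholder.
SAMPLE = {"subjectAltName": (("DNS", "UAGhttpsTrunk.allinone.external"),),
          "crlDistributionPoints": ("http://crl.example.test/lab-ca.crl",)}
```

Against the real trunk, run it from the external side with `check_trunk_cert(live_cert(name, cafile=...), name)`, since a CRL that is only reachable from the internal network still fails for the VPN client.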
Creating the VPN SSTP
In the top menu we go to Admin, then Remote Network Access, and then select SSL Network Tunneling (SSTP)
Select the Trunk we have created UAGhttpsTrunk
Next - on protocols select SSTP
Next - Address Assignment: I've created an entry where the start address is 192.168.33.0 and the end address is 192.168.33.255 (don't worry about the network 0 and mask address 255, UAG takes care of that).
ACTIVATE
Save / Activate
CLIENT CONFIGURATION
Control Panel\All Control Panel Items\Network and Sharing Center
Set up a new connection or network
Next - Create a new connection
Next - Use my Internet connection (VPN)
Next - Add the address of the trunk
Next - user name and password
VPN Connected
You were able to access the internal DNS on the DC 10.10.10.12 with success
This is working.