- Windows Active Directory and DNS
- DHCP server or range of free IP addresses
- Enterprise Root CA
- Forefront TMG is a member server.
- Computer certificate installed in TMG server
- Public IP assigned in external NIC of TMG server
Configure L2TP/IPSec VPN
1. open the Forefront TMG Management Console. Click Forefront TMG (Array Name) in the left pane.
2.In the left pan click on Remote Access Policy>Click on Configure Address Assignment method. You will be presented with Remote Access Policy Property. Now follow the screenshots.
3. Add a range of IP addresses (Example:10.10.11.1-10.10.11.255) to be assigned by TMG server or assign internal DHCP server.
4. Check MSCHAPv2 Authentication and Check Enable EAP
5. Apply Changes. OK.
6. In the left pan click on Remote Access Policy, in the task pan>click on configure VPN Client Access. You will be presented with VPN Clients property. Check enable on general Tab.
7. In the Group Tab, Add Windows AD groups you allowed to access VPN.
8. In the Protocol Tab, Check Enable L2TP/IPSec
9. In the User mapping, Check enable User Mapping and provide internal domain name.
10. Click Apply and ok. Apply changes.
11.In the left pan click on Networking, Click network Rules Tab. From the task pan, run new Create Network Rules wizard. Create new network rules allowing VPN client access from external network to internal network. Select route relation between external and internal network.
12. In the left pan right click on Firewall Policy>Click New>Click new access Policy. Follow the screenshots.
13. Apply changes.
14. make sure you allow remote access in AD user Dial-in property.
15. Now create a dialler in Windows 7 machine shown below link. Log on to that machine using domain credentials and test VPN.