N/APosted on - 07/28/2011
My query is regarding VPN:
– Will we be able to specify which certificate on TMG will be used for IKE authentication for L2TP/IPsec connections ?
– Will we be able to specify on which IP address from the external NIC is TMG listening for VPN connections when we have multiple IP addresses on that NIC ?
– Will we be able to specify which VPN users can use PPTP and which can use L2TP/IPsec from the TMG GUI ?
Query is regarding VPN features help
-At present with ISA 2006, we can only have need of which certificate on ISA can be used for EAP-TLS from RRAS.
Supposing that we need to usage Vista with "The Authenticate name and procedure features of the server’s certificate" option(https://support.microsoft.com/en-us/help/926182/how-to-configure-verification-of-additional-fields-in-peer-certificate) and here are multiple certificates on TMG from the equivalent internal CA, it would be useful to identify which certificate we need TMG to use for IKE authentication.
-At once we can only agree on which Networks is ISA 2006 attending for incoming VPN networks.
– An annoying problem with ISA 2006 was connected to IPsec tunnel mode site-to-site networks. In many cases, we do not need to specify as local subnet the entire Internal Network. Only limited servers want to be reachable from the isolated site.
The IPsec tunnel mode site-to-site connections depend on the proxy identities (QM filters) presented during IKE Quick Mode consultations. Thus, we end up taking a "situation"…
I wrote about it here: