We recently (today) configured pre-logon VPN, but have come across what could be a show stopper. As it's currently configured, we have configured:
Gateway > (gateway name) > Authentication > Certificate Profile > (a client cert signed by our infrastructure)
If a machine has this cert installed it now successfully connects via "pre-logon", and once signed into Windows it all works as expected.
If a machine doesn't have this cert installed then "pre-logon" does not work, but additionally they are unable to sign in once in Windows as they are presented with an error stating cert is missing.
Is this how it should be configured or have I missed a step somewhere?
The issue is we have a requirement for some non-domain users/assets to be able to connect to the VPN. As it stands with the way I have configured pre-logon they can't connect, as the cert is missing.
What is the correct way to resolve this and keep pre-logon?
I was thinking to create a second gateway, on the same interface as the current one, but assign a secondary IP to the interface. I would more or less copy the config from the existing gateway, but not assign a certificate profile to it.
The portal agent config for these external users would then be configured to use the newly created gateway.
Is this how to solve this problem?