Enabling Secure Socket Tunneling Protocol

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

Secure Socket Tunneling Protocol (SSTP) is a form of VPN tunnel that allows the transport of Point-to-Point Protocol (PPP) traffic through a Secure Sockets Layer (SSL) channel. Using SSTP improves the ability of VPN connections to traverse firewalls and proxy servers.

The following procedure describes how to enable SSTP when configuring a remote access VPN policy.

To enable SSTP

  1. In the Forefront TMG Management console, in the tree, click the Remote Access Policy (VPN) node, and in the details pane, click the VPN Clients tab.

  2. In the details pane, click Verify VPN Properties, and on the Protocols tab, click Enable SSTP.

  3. Click Configure and select an existing Web listener from the list, or click New to create a new Web listener.

    Note

    You can use an existing Web listener if it meets the following criteria:

    • Listens for HTTPS traffic on port 443.

    • Has one certificate only.

    • Is not configured to Require users to authenticate or to Require SSL client certificate.

  4. If you selected New, follow the on-screen instructions in the New Web Listener wizard.

  5. Click OK to save your changes, then on the Apply Changes bar, click Apply.
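
After the changes are applied, the listener can be checked from a client machine. The following is an added example, not part of the original article or of Forefront TMG; it sends the opening HTTP request of an SSTP session over HTTPS and classifies the reply. The request method, URI and Content-Length value are taken from the public MS-SSTP specification rather than from this page, and reading a 401 or 403 reply as a listener that requires authentication is an assumption.

```python
import socket
import ssl
import uuid

SSTP_URI = "/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/"  # fixed URI (MS-SSTP)
SSTP_LEN = "18446744073709551615"  # max 64-bit value: body never ends

def build_request(host):
    """First HTTP request an SSTP client sends once the SSL/TLS session is up."""
    lines = [
        f"SSTP_DUPLEX_POST {SSTP_URI} HTTP/1.1",
        f"Host: {host}",
        f"SSTPCORRELATIONID: {{{str(uuid.uuid4()).upper()}}}",
        f"Content-Length: {SSTP_LEN}",
        "", "",
    ]
    return "\r\n".join(lines).encode("ascii")

def classify_response(raw):
    """Map the listener's reply to a finding about the listener configuration."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    parts = status_line.split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "not-http"
    headers = {}
    for line in header_lines:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    status = int(parts[1])
    if status == 200 and headers.get("content-length") == SSTP_LEN:
        return "sstp-enabled"
    if status in (401, 403):
        # Assumption: the listener is set to require user or certificate auth.
        return "listener-requires-auth"
    return "sstp-not-enabled"

def probe(host, port=443, timeout=5.0):
    """Connect to the listener on port 443 and return the classification."""
    ctx = ssl.create_default_context()  # validates the certificate chain and name
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            tls.sendall(build_request(host))
            return classify_response(tls.recv(4096))
```

Call probe() with the public name of the VPN server (for example a placeholder such as vpn.example.test). An ssl.SSLError raised during the handshake means the listener's certificate did not validate for that name.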