The following procedure describes how to create a user account so that the remote site can authenticate to the VPN gateway. You should create a dial-in account for Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol (L2TP) networks only. Do not create a dial-in account for Internet Protocol security (IPsec) networks.
Creating a user account for the remote site gateway
To create a user account for the remote site gateway
On the Forefront TMG server, click Start, point to Administrative Tools, and then click Computer Management.
In the Computer Management console, in the tree, click System Tools, click Local Users and Groups, and then click Users.
In the details pane, right-click the applicable user, and then click Properties.
On the Dial-in tab, under Remote Access Permission (Dial-in or VPN), select Allow access.
Note: For the remote network to initiate a connection to the local network, a user with dial-in properties must be configured on the local network. The name of the user account and the name of the site-to-site network must be identical. For example, if on SiteA you create a site-to-site network representing SiteB, you must also create a user named SiteB. SiteB will connect to SiteA using the credentials of the user named SiteB.
In a domain environment, set remote access permissions in the domain-based user account in Active Directory.
ConceptsConfiguring site-to-site VPN access
Copyright © 2009 by Microsoft Corporation. All rights reserved.