There has been a lot of talk on the ISAserver.org web boards regarding how web proxy clients suddenly go crazy when someone connects to the TMG VPN server. The problem in this situation is that when a VPN client connects to the TMG remote access VPN server, a change in the autoconfiguration script takes place that leads to the RAS adapter address being included in the web proxy autoconfiguration script.
When this happens, web proxy clients that are configured to obtain configuration information through autoconfiguration will try to connect to a web proxy listener on the IP address used by the TMG firewall’s RAS adapter. Since this isn’t possible, web proxy client connections fail.
In his blog article VPN users are unable to browse the Internet when connected to TMG and the web browser is configured to “automatically detect settings” at http://blogs.technet.com/b/yuridiogenes/archive/2011/03/16/vpn-users-are-unable-to-browse-the-internet-when-connected-to-tmg-and-the-web-browser-is-configured-to-automatically-detect-settings.aspx Yuri Diogenes talks about how this condition affects remote access VPN clients. I found this interesting, since I had only experienced the problem on intranet clients, but when you read his article, you’ll see it make sense.
DEBRA LITTLEJOHN SHINDER
MVP (Enterprise Security)