0

Last week our Hyper-V server crashed and forced us to rebuild most of our network. While the network has been rebuilt we are having a major problem. We use Forefront TMG to route our web traffic using Web Listeners. We have a rule in place to take the external ip address coming in and translate that to the private website behind the Forefront firewall. Our TMG server has 2 NIC cards, an external one is setup without DNS and the internal one is setup without the default gateway. Our normal default gateway is our CISCO ASA VPN.

My issue is if I don't use our TMG server as the default gate for the webserver and our external DNS then I can't get to the site. As soon as I change it to our ASA the sites don't connect. If I use the TMG as our default gateway I can't get to a large part of the internet. I would like to use our ASA as the default gateway but I don't know what to do at this point.

Travis Grannan
  • 1
  • 2

2 Answers2

1

Whichever device is used to publish the site, its internal IP must be configured as the default gateway on the web server. You can't publish via TMG and route outbound traffic via the ASA as this will result in half open connections timing out on the TMG and unrecognized responses at the second gateway which never received the inbound requests from the clients.

Hamza Sultan Zuberi
  • 31
  • 1
0

You could probably fix part of that by assigning an external DNS to TMG's external adapter.

But if you exclude TMG as the default route, you should simply need to get the ASA working.

If the ASA had a configuration which allows only TMG to connect outbound, that might partially explain your symptom... but the ASA sounds like the key here.

TristanK
  • 9,073
  • 2
  • 28
  • 39