Solved

Forefront tmg to barracuda

Posted on 2011-03-23
14
1,039 Views
Last Modified: 2012-05-11
I want to pass SMTP traffic from the forefront TMG to the barracuda.  has anyone done this succsessfully?  So far, no matter what kind of rule I set up as soon as i switch off the old ISA server, add the email ip addresses to the TMG server and enable the rule, the SMTP traffic to the barracuda stops.  we are not using exchange server.
0
Comment
Question by:gjcp
  • 7
  • 7
14 Comments
 
LVL 29

Expert Comment

by:pwindell
ID: 35206789
The TMG has to have all the IP#s the old ISA had.  There is no "email address".  It isn't going to do you any good if the incoming traffic hits the TMG and the Barracuda doesn't respond back the TMG identically to how it did with the ISA.

You have to use a simple straight SMTP Publishing Rule,...Server Publishing Rule,..aka. a Non-Web Server Publishing Rule using "SMTP Server" as the Protocol (not the regular SMTP)
0
 

Author Comment

by:gjcp
ID: 35207858
I have ALL of the IP addresses that the old ISA had.  I made sure of that before I turned on the rule i made for smtp traffic.  I set up the following rule-
Action = allow
Traffic = SMTP Server
From = Anywhere
to =  the IP address of the barracuda
        requests appear to come from the origional client
networks = external   all IP addresses

I set this up using the "Non-web server protocols"

Any Ideas?
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35208366
requests appear to come from the origional client

Change to:

requests appear to come from the ISA

Now what does it do?
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35208397
From = Anywhere

Really should be

From = External

However that by itself should not break anything,...it is just good practise to be specific,..."anywhere" is not very specific.
0
 

Author Comment

by:gjcp
ID: 35210464
I will not have a window of opportunity to try the change you suggest until next week.  I will post the results then.  thanks
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35210783
It is not a change,...it is a troubleshooting step,...although if it works you have the option to leave it that way.
0
 

Author Comment

by:gjcp
ID: 35264003
I had a half hour window and  I tried 2 different rule settings and nether one worked.  I created a straight access rule and a non web server rule.  I tried one at a time and they both failed.  I need to try the setting "requests appear to come from the isa"  I realized that I set it to appear to come from the client.  I wont have another window of opportunity to try anything else until next week.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 29

Expert Comment

by:pwindell
ID: 35283492
Ok, that's fine.  I'll get an email alert when you post back.
0
 

Author Comment

by:gjcp
ID: 35337018
ARRG! all experments have failed.  I almost wish I could put isa 2004 on the win2008 server!  It is strange that all of the other rules work just fine, but for some reason i cant get the smtp traffic to go to the barracuda.
0
 
LVL 29

Expert Comment

by:pwindell
ID: 35342190
Well, the ISA part is extremely simple,...it is just a very simple striaght forward Non-Web Server Publishing Rule with External as the Source,..the IP of the Barracuda as the Target,...and the Protocol is "SMTP Server" (not the regular SMTP).  It is just that simple,...no more complex than that.

The Barracuda then has to be a SecureNAT Client of the ISA so the response packets follow the same path out that it came in on.

If it is not working after that then you have some other issues that go beyond the ISA.
0
 

Author Comment

by:gjcp
ID: 35343720
Well I guess my issues go beyond the forefront tmg server.  It is really frustrating since all the other rules work just fine.  You are right, the rule itself is simple, and works correctly on the old isa 2004 server. I have never experienced such a crazy problem and i have been at this for 20+ years!
0
 

Accepted Solution

by:
gjcp earned 0 total points
ID: 37456568
Turned out that it was actually a port problem on a switch.  We switched cables and everything started working
0
 

Author Closing Comment

by:gjcp
ID: 37478667
It turned out to be a faulty switch
0
 
LVL 29

Expert Comment

by:pwindell
ID: 37456710
Ok, very good.  Glad to hear you got it worked out.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

ISA Server detected routes through the network adapter LAN that do not correlate with the network to which this network adapter belongs What does this mean and how can one go about correcting it? In simple terms, this error message indicates t…
Forefront is the brand name for Microsoft's major security product. Forefront covers a number of specific security areas and has 'swallowed' a number of applications under this umbrella including Antigen, ISA Server, the Integrated Access Gateway (t…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now