limmontreefree
asked on
The TMG does not route.
I installed a TMG, I created a rule that allows all outgoing traffic.
but the DC does not ping the Wan TMG leg.
The DC ping the leg LAN.
I used the wizard and it seems that networks and routes are correct.
but the DC does not ping the Wan TMG leg.
The DC ping the leg LAN.
I used the wizard and it seems that networks and routes are correct.
ASKER
Soy novato con TMG.
He creado la ruta a mano,
Where is the TMG monitor, iremenber it but i don't meet it.
thanks
He creado la ruta a mano,
Where is the TMG monitor, iremenber it but i don't meet it.
thanks
open TMG console--> logs and reports node.
is the above in English ? sorry but I can understand only English :-)
is the above in English ? sorry but I can understand only English :-)
ASKER
I just find the monitor
ASKER
out several errors, this is in red.
connection refused
typo Registered: Firewall service
any rule, see the result code
Source: Internal 192.168.1.10:389
Destination: 192.168.1.1:10360 local host
Protocol: Unidentified IP Traffic (TCP: 10 360)
DC is 192.168.1.10
TMG Lan leg is 192.168.1.1
connection refused
typo Registered: Firewall service
any rule, see the result code
Source: Internal 192.168.1.10:389
Destination: 192.168.1.1:10360 local host
Protocol: Unidentified IP Traffic (TCP: 10 360)
DC is 192.168.1.10
TMG Lan leg is 192.168.1.1
thats not related to ping.
while pinging the external tmg IP address, monitor the traffic.
always there are a lot of red (deny) connection in ISA monitor. you can filter the log to show only traffic from DC based on client ip address.
while pinging the external tmg IP address, monitor the traffic.
always there are a lot of red (deny) connection in ISA monitor. you can filter the log to show only traffic from DC based on client ip address.
ASKER
i cant see nothing lCMP (ping)
ASKER
this is a screenshot
1.jpg
1.jpg
ASKER
While i take the snapshoot From the DC 192.168.1.10 it was doing "ping 192.168.0.1 -"
Can you post a screenshot of your current access rules ?
why do you want to be able to ping the external interface of TMG ?
why do you want to be able to ping the external interface of TMG ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hello again:
I'm trying to set up a TMG and this is a Lab Work for me. in my company we have and TMG and i can ping to the external interface.
I started cheching the ping and then, when i check it se why don't go to internet.
I'm trying to set up a TMG and this is a Lab Work for me. in my company we have and TMG and i can ping to the external interface.
I started cheching the ping and then, when i check it se why don't go to internet.
ASKER
Do you fill the default gateway on the client machine ? or just using web proxy ?
ASKER
todas las redes --> all the networks
todos los usuarios --> all the users
todo el trafico saliente --> all the outgoing trafic
thanks
todos los usuarios --> all the users
todo el trafico saliente --> all the outgoing trafic
thanks
ASKER
in the DC
ip 192.168.1.10
mas 255.255.255.0
gat 192.168.1.1
DNS 127.0.0.1
I think not using web proxy.
ip 192.168.1.10
mas 255.255.255.0
gat 192.168.1.1
DNS 127.0.0.1
I think not using web proxy.
from DC can ping 8.8.8.8 ?
ASKER
yes,
so TMG are routing isn.t?
so TMG are routing isn.t?
Yes it is.
in your ping rule just add local host in the To field.
in your ping rule just add local host in the To field.
how do you create the rule ? is it for all user and protocols from internal to external and local host ?
open TMG monitor and see which rule denies the traffic.
BTW: it is not a good config to have such rule. only needed protocols should be allowed on the firewall.