Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

The TMG does not route.

Posted on 2011-09-08
19
Medium Priority
?
523 Views
Last Modified: 2012-05-12
I installed a TMG, I created a rule that allows all outgoing traffic.

but the DC does not ping the Wan TMG leg.
The DC ping  the leg LAN.

I used the wizard and it seems that networks and routes are correct.
0
Comment
Question by:limmontreefree
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 8
19 Comments
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36501365
>> allows all outgoing traffic.
how do you create the rule ? is it for all user and protocols from internal to external and local host ?

open TMG monitor and see which rule denies the traffic.

BTW: it is not a good config to have such rule. only needed protocols should be allowed on the firewall.

0
 

Author Comment

by:limmontreefree
ID: 36501399
Soy novato con TMG.

He creado la ruta a mano,

Where is the TMG monitor, iremenber it but i don't meet it.

thanks
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36501409
open TMG console--> logs and reports node.

is the above in English ? sorry but I can understand only English :-)
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:limmontreefree
ID: 36501416
I just find the monitor
0
 

Author Comment

by:limmontreefree
ID: 36501466
out several errors, this is  in red.

 connection refused
 typo Registered: Firewall service
 any rule, see the result code
 Source: Internal 192.168.1.10:389
 Destination: 192.168.1.1:10360 local host
 Protocol: Unidentified IP Traffic (TCP: 10 360)



 DC is 192.168.1.10
TMG   Lan leg is 192.168.1.1
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36501487
thats not related to ping.


while pinging the external tmg IP address, monitor the traffic.

always there are a lot of red (deny) connection in ISA monitor. you can filter the log to show only traffic from DC based on client ip address.
0
 

Author Comment

by:limmontreefree
ID: 36501561
i cant see nothing lCMP (ping)
0
 

Author Comment

by:limmontreefree
ID: 36501573
this is a screenshot
1.jpg
0
 

Author Comment

by:limmontreefree
ID: 36501583
While i take the snapshoot  From the DC 192.168.1.10 it was doing "ping 192.168.0.1 -"
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36501599
Can you post a screenshot of your current access rules ?

why do you want to be able to ping the external interface of TMG ?
0
 
LVL 23

Accepted Solution

by:
Suliman Abu Kharroub earned 2000 total points
ID: 36501602
Oppps

Try to create a rule from localhost and internal to localhost and external allowing ping
0
 

Author Comment

by:limmontreefree
ID: 36501630
Hello again:
I'm trying to set up a TMG and this is a Lab Work for me. in my company we have and TMG and i can ping to the external interface.

I started cheching the ping and then, when i check it se why don't go to internet.
0
 

Author Comment

by:limmontreefree
ID: 36501631
   
2.jpg
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36501651
Do you fill the default gateway on the client machine ? or just using web proxy ?
0
 

Author Comment

by:limmontreefree
ID: 36501652
todas las redes --> all the networks
todos los usuarios --> all the users
todo el trafico saliente --> all the outgoing trafic

thanks
0
 

Author Comment

by:limmontreefree
ID: 36501657
in the DC

ip        192.168.1.10
mas    255.255.255.0
gat      192.168.1.1

DNS  127.0.0.1

I think not using web proxy.
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36502011
from DC can ping 8.8.8.8 ?
0
 

Author Comment

by:limmontreefree
ID: 36502018
yes,

 so TMG are routing isn.t?
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 36502115
Yes it is.

in your ping rule just add local  host in the To field.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ISA Server detected routes through the network adapter LAN that do not correlate with the network to which this network adapter belongs What does this mean and how can one go about correcting it? In simple terms, this error message indicates t…
Forefront is the brand name for Microsoft's major security product. Forefront covers a number of specific security areas and has 'swallowed' a number of applications under this umbrella including Antigen, ISA Server, the Integrated Access Gateway (t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question