Malli Boppe
asked on
Setup TMG 2010
I need to set up TMG 2010 on our infrastructure, which would be used as a proxy.
Also need to configure TMG so that the Exchange 2010 SAN certificate works properly.
Also need to allow RDP traffic to a particular server.
I am new to TMG, ISA. Any help would be much appreciated.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks guys
If I choose the network as edge topology, can we later change it to 3-leg perimeter?
Yes, you can.
But it is better to make a good network design to match your requirements before installing ISA.
ASKER
Thanks Siliman
Does TMG come in 32-bit and 64-bit? I am trying to download the 64-bit trial but can't find it anywhere.
ASKER
I am not using an AMD processor. For Intel there is only 32-bit in the link that you posted.
The 32 one is only the management console.
ASKER
Thanks Suliman
Yesterday I started deploying TMG; installation went fine. Strangely, I don't get the option to pick the topology, it's greyed out.
After a couple of minutes I lost RDP access. Ping wouldn't respond. I don't have console access. Can anyone tell what could have happened?
It could be that you changed the network topology and network relations between network entities. Any wrong config there will for sure cause such issues.
It is recommended to configure network topology and relations using the console.
By default ISA/TMG is configured as an edge firewall (one internal network and everything else is external, except VPN and local host).
How are you trying to connect to the server? Externally from the public IP? Or using VPN?
ASKER
I am connecting to the server using RDP from the internal LAN. Let me explain to you in detail.
The server has a LAN network card with IP: 10.81.37.10/255.255.255.240 and our actual internal LAN for all servers is 10.81.38.0-255, so in the internal networks I added 10.81.37.0-10.81.38.255. After that I lost the RDP connection.
Also, in the network card priority the public NIC is on top, followed by the internal NIC. The public NIC has a default gateway and the internal NIC doesn't have a gateway.
Are you trying to connect from the internal range?
Do you have an access rule to allow RDP from internal to localhost?
ASKER
Yes, I am trying to connect internally.
I haven't set up anything on TMG, but it was all working before I installed TMG.
If you set up TMG remotely it will add your IP address to the remote management group, so you can configure it.
Please check if your client IP address changed, if it is a DHCP client.
ASKER
Thanks for your patience.
Sorry, it's a static IP address. The weird thing is I can't even ping it. Could that be TMG acting as a firewall and blocking everything? I don't have console access to check what really happened. Probably would get some time today.
emmmmmmmm
Please do the following, it could help to find out if the server is alive in the network:
from cmd:
1. arp -d * (delete arp cache)
2. ping the server with IP
3. arp -a
If you find that the IP address is listed in the arp table then the server is running; if not then the server is not reachable (turned off or NIC problem).
And you are welcome :)
I am going to bed now, it is 3 AM here.
Will post back tomorrow.
ASKER
Thanks once again Siliman.
Will keep you updated.
ASKER
Thanks for the update.
So that solved the issue?
ASKER
No, sorry, I don't have a good networking background.
I am really confused whether to use edge firewall topology or 3-leg.
I am stuck: the TMG server has 2 private NICs and one public NIC. I read some document about ISA and it said you can't use 3-leg if you don't have a public IP for the perimeter network. Is that true?
It depends...
What's your requirement? What are you trying to achieve?
Usually, web servers (apps) are installed in the perimeter networks with public IPs.
ASKER
Are there going to be issues if I configure it as edge topology?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Suliman
All working fine now
Most welcome !
Answers:
1. I need to set up TMG 2010 on our infrastructure, which would be used as a proxy.
TMG by default works as a proxy server on port 8080.
2. Need to configure TMG so that the Exchange 2010 SAN certificate works properly.
Export the SAN certificate from the Exchange server with the private key and import it into the TMG server. Create a publish mail server rule and an OWA rule and use that certificate in the listener.
3. Need to allow RDP traffic to a particular server.
Create new computer objects with these servers' IPs, then create a rule from internal to those computer objects, selecting Remote Desktop Protocol for all users.... But if these servers belong to the internal network address range, no need to do anything on TMG.
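
Answer 3 turns on whether a host falls inside the Internal network address range, and the asker's post gives both that range and the internal NIC's own address and mask. The following Python check is an added example, not part of the thread or of TMG itself: it uses the addresses as posted, while the function names and the three sample hosts are constructed for illustration.

```python
import ipaddress

# Addresses as posted in the thread (internal NIC and the range added to Internal).
INTERNAL_NIC = ipaddress.ip_interface("10.81.37.10/255.255.255.240")
INTERNAL_RANGE = (ipaddress.ip_address("10.81.37.0"),
                  ipaddress.ip_address("10.81.38.255"))


def range_as_cidrs(first, last):
    """Express a start-end address range as the CIDR blocks it covers."""
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]


def classify(host, nic=INTERNAL_NIC, internal=INTERNAL_RANGE):
    """Return (in_internal_range, on_link) for one host address.

    in_internal_range: the Internal network definition covers the address.
    on_link: the address is in the NIC's directly connected subnet; any
             other address is reached through the routing table.
    """
    addr = ipaddress.ip_address(host)
    in_internal = internal[0] <= addr <= internal[1]
    on_link = addr in nic.network
    return in_internal, on_link


def advice(host):
    """Map the classification to the follow-up check it suggests."""
    in_internal, on_link = classify(host)
    if not in_internal:
        return "outside Internal range: an access rule applies (answer 3)"
    if on_link:
        return "Internal and on-link"
    return "Internal but off-link: verify the route via the internal NIC"


if __name__ == "__main__":
    print(range_as_cidrs(*INTERNAL_RANGE))
    # Constructed sample hosts, not taken from the thread.
    for host in ("10.81.37.5", "10.81.38.20", "10.81.39.1"):
        print(host, "->", advice(host))
```

With the mask as posted, the NIC's connected subnet is 10.81.37.0/28, so hosts in 10.81.38.0-255 are covered by the Internal range but are not on-link for that NIC.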