• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2053
  • Last Modified:

Microsoft Forefront TMG

i can ping the external ip address via the TMG but when i try ping the name i get cannot find host. but when i tracert the external ip address i get the following error on the firewall....

Denied Connection RX-TMG01-S 2011/10/17 03:08:13 PM
Log type: Firewall service
Status: A packet generated on the local host was rejected because its source IP address is assigned to one network adapter and its destination IP address is reachable through another network adapter.  
Rule: None - see Result Code
Source: Local Host (10.1.1.100:137)
Destination: External (***.***.***.***:137)
Protocol: NetBios Name Service
 Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 10.1.1.100


Denied Connection RX-TMG01-S 2011/10/17 04:15:51 PM
Log type: Firewall service
Status: Access is denied.  
Rule: Default rule
Source: Internal (10.1.1.2:137)
Destination: External (***.***.***.***:137)
Protocol: NetBios Name Service
 Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 10.1.1.2
 
0
Raubex_IT
Asked:
Raubex_IT
1 Solution
 
Suliman Abu KharroubIT Consultant Commented:
First issue (DNS): It depends on how the client machine configured to resolve names, to which DNS server the client points ? does this DNS server has a record for that name ?

Second issue (tracert):
simply it is an information massage not error message, Tracert pings each node on the path and returns the result, when it pings the internal interface of TMG server ( the first node in the path), it shows the message and that's expected; because the IP header shows that this packet is targeted to the external IP and should be come from the external interface not the internal.
0
 
vishalvasuCommented:
This is a DNS issue when you try to ping or tracert using name. Ensure that an A record points to the IP address of the TMG server and that TMG server is set to lookup the internal DNS server that is being queried. As for the tracert and ping response, try them from a remote machine instead of TMG. If you still do not get results, you might have to change the system policy to allow ICMP and Tracert diagnostics.
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now