Again with another TMG2010 problem; actually not a problem, a dilemma.
Attached are our network diagrams; please don't ask why the network design is so stupid, but we have to do it like this temporarily (several sites, links and stuff). Also, the network addresses are just for explanation.
Bottom line: we have a TMG2010 in the same address pool as the users, who use the TMG's web proxy to access the internet.
The TMG is set up as an EDGE firewall; the internal NIC has an IP in the users' IP address space, and the external NIC has a public IP address.
I've set the gateway on the external NIC to be the internet gateway, and removed the gateway from the internal NIC (typical EDGE firewall design).
The problem is that the domain controller is on a third network (10.10.10.0/24), so TMG can't reach it to do the user authentication (integrated Windows domain authentication).
Simple explanation: when the user opens Internet Explorer (TMG is set as the proxy in it), the authentication dialog box appears, and of course it will not work if I enter my username and password, because TMG will not be able to check whether they are correct, since it can't reach the DC.
So the best way to put the question is: how do I let TMG reach the domain controller?
Sorry about the crappy diagram and explanation.
Thank you in advance.
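Added example, not part of the original post: with no default gateway on the internal NIC, the TMG host's only default route points out the external NIC, so the usual fix for a subnet behind the internal interface is a persistent static route toward the internal router. The router and DC addresses and the domain name below are placeholders, since the diagram is not in the post.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# prompt on the TMG 2010 host (Windows Server 2008 R2, so route.exe is used
# rather than the newer Get-NetRoute cmdlets).
$DcSubnet    = '10.10.10.0'          # DC network from the post
$DcMask      = '255.255.255.0'
$InnerRouter = '192.168.1.254'       # PLACEHOLDER: internal router that knows the path to 10.10.10.0/24
$DcAddress   = '10.10.10.10'         # PLACEHOLDER: a domain controller in that subnet
$DomainName  = 'corp.example'        # PLACEHOLDER: the AD domain name

# 1. Show what the host currently believes about 10.10.10.0/24 and its default
#    route. Without a specific route, DC traffic follows 0.0.0.0/0 out of the
#    external NIC toward the internet and never reaches the DC.
route.exe print | Select-String -Pattern '10\.10\.10\.0|0\.0\.0\.0'

# 2. Add a persistent (-p) route so 10.10.10.0/24 is handed to the internal
#    router instead of the default gateway. The router must sit on the
#    internal NIC's own subnet, otherwise the next hop is unreachable.
$pattern  = "^\s*$([regex]::Escape($DcSubnet))\s+$([regex]::Escape($DcMask))"
$existing = route.exe print | Select-String -Pattern $pattern
if (-not $existing) {
    route.exe -p add $DcSubnet mask $DcMask $InnerRouter
}

# 3. Verify reachability and that the DC locator works from the TMG host.
Test-Connection -ComputerName $DcAddress -Count 2 -ErrorAction SilentlyContinue |
    Select-Object Address, ResponseTime
nltest.exe /dsgetdc:$DomainName

# Note: TMG drops packets arriving on an interface from addresses that are not
# in that network's address range (spoof detection), so 10.10.10.0/24 must
# also be added to the "Internal" network's address ranges in the TMG console
# (Networking -> Networks -> Internal -> Addresses).
```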