TMG Multiple External IPS

Hi all.

I have already read resources so just need to confirm something

We have router connected to internet with multiple static IP address.
The inside of this router is connected to out TMG box as and internal address 192.168.1.4
We  Migrated our ISA 2006 to TMG by exporting and importing config
we repclaited network cards and statically assigned smae ip addresses ( in this case 192.168.1.4 for router address)

But now we can no longer access a website that exists on a client site in which they had already added rules to their firewall for our static address range

Would this be a configuration on the TMG box. ( Someone stated you would add these addresses to the NIC for ARP
Would i have clear the ARP table of my router, so the IP address is registered with the new MAC address.

So effectively how do i get my requests from TMG server to present on the internet as one of the static IP addresses - the router nor the Router nor the NIC IP has changed, just TMG
LVL 3
SingnetsvcAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Keith AlabasterEnterprise ArchitectCommented:
You cannot choose multiple IP addresses in TMG for NAT purposes - traffic will all leave on the TMG default. (A single exception can be SMTP in certain cases). If the external router is also applying NAT (which it must be seeing as you have a 192.168.x.y subnet between it and the TMG) then the router will see the same source address.

Having multiple ip addresses on the TMG external interface provides the ability for multiple listeners (Publishing rules in TMG speak) ...i.e. an ip address for inbound mail, another IP address for secure https access to a Sharepoint site and so on, they are not for multiple NAT addresses outbound.

In the network configuration of the TMG GUI, you CAN elect which of the multiple IP addresses on the TMG external nic is the default - THAT is the one that will be used for outbound NAT. Be aware that the order is NOT necessarily IP address order.

and yes, you would add additional ip addresses to the external nic first via the operating system config. System will likely need a reboot before TMG recognises they are there.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SingnetsvcAuthor Commented:
Under our Circumstances we resolved by reducingour external static range of IP's to Just one ip address.

Thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.