Solved

Publish Web Servers through TMG 2010 in a Routed Relationship

Posted on 2012-03-29
Last Modified: 2012-06-22
Hello. I am trying to configure TMG2010 behind an ASA 5510. It is physically connected as follows:

Internet
|
Cisco ASA 5510
|
Perimeter Network (DMZ)
|
TMG 2010
|
LAN

The ASA is performing NAT and there is a Route relationship between the LAN and Perimeter network.

As a test, I have an Apache web server on the LAN. I can successfully publish it using an Access Rule, but I want to use a Web listener. Ultimately, I will be publishing Exchange as well.

I have tried multiple times without success. Can someone please give me a once-and-for-all example or how-to for this?
Question by:Program_Poser

Expert Comment

by:pwindell
ID: 37783847
Using a Routed Relationship allows you the ability to "get away" with using only Access Rules,...but it does not mean you still cannot use Web Server Publishing Rules (AFAIK).  But I am pretty sure that you cannot use Non-Web Server Publishing Rules because they are based on Reverse-NAT and you lose that when you lose the NAT Relationship.

Delete the Access Rule and replace it with a Web Server Publishing Rule.

You can't publish Exchange as if it is a single entity.  Each part of Exchange that you publish (SMTP, POP3, IMAP, OWA [HTTPS]) is a separate Publishing Process and not all are the same type.  Anything running over HTTP or HTTPS will be a Web Server Publishing Rule while the others would be a Non-Web Server Publishing Rule.  However the Exchange Publishing Wizard will automatically create the right type of Rule based on what component you choose to Publish.  But the problem you are going to have there is that you are running a Routed Relationship to "External",...So I expect the OWA (HTTPS) Rule to work but you'd have to use Access Rules for the rest.

Web Server Publishing Rules operate as a Reverse-Web Proxying process.
Non-Web Server Publishing Rules operate as a Reverse-NAT process.
....so they are two entirely different things based on entirely different technologies.

Accepted Solution

by:pwindell (earned 500 total points)
ID: 37783862
As you may have guessed,..I have never run a "routed" relationship to External,..so it is kinda all "theoretical" to me as to some of the gory details of what works and what doesn't in such a case.

Author Closing Comment

by:Program_Poser
ID: 37796128
I ended up changing it to a NAT relationship and I have it working. The real issue is that IIS was installed along with the .NET framework and that's why I couldn't get a listener to work. Thanks for trying :-)

Expert Comment

by:pwindell
ID: 37796613
Never,...ever,...ever,...install IIS on a TMG box.

Remove it.

TMG uses Port 80 to Publish WPAD and uses 8080 to listen for HTTP Proxy requests.

TMG is not a "server" that you can just install things on.  It is a Firewall Product just like ASA, PIX, Sonicwall etc,....you don't see people installing things on them.  TMG can even be purchased as a Hardware Appliance.
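
The port conflict described in the last two comments (IIS installed on the TMG server, while TMG itself uses ports 80 and 8080) can be checked on the TMG box. The PowerShell below is an added example, not part of the original thread; port 443 is an assumption for an HTTPS (OWA) Web listener, and the script relies only on `netstat`, `Get-Process`, `Get-Service` and `netsh`.

```powershell
# Added example. Ports 80 and 8080 are the ones named in the thread;
# 443 is an assumption for an HTTPS (OWA) Web listener.
$ports = 80, 443, 8080

# Parse "TCP  0.0.0.0:80  0.0.0.0:0  LISTENING  4" lines from netstat
# (IPv4 only; the LISTENING keyword assumes an English-language OS).
# @() keeps an empty result an empty array, which matters on PowerShell 2.0.
$listeners = @(netstat -ano -p tcp | ForEach-Object {
    if ($_ -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
        New-Object PSObject -Property @{
            Address  = $Matches[1]
            Port     = [int]$Matches[2]
            OwnerPid = [int]$Matches[3]
        }
    }
} | Where-Object { $ports -contains $_.Port })

$usesHttpSys = $false
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwnerPid -ErrorAction SilentlyContinue
    $name = if ($proc) { $proc.ProcessName } else { 'unknown' }
    # PID 4 is the System process: the socket is normally held by the
    # HTTP.sys kernel driver, which is how IIS binds its sites.
    if ($l.OwnerPid -eq 4) { $usesHttpSys = $true; $name = 'System (HTTP.sys)' }
    '{0,-15} port {1,-5} PID {2,-6} {3}' -f $l.Address, $l.Port, $l.OwnerPid, $name
}

# IIS services: W3SVC (World Wide Web Publishing) and WAS (Process Activation).
$iis = @(Get-Service -Name W3SVC, WAS -ErrorAction SilentlyContinue)
foreach ($svc in $iis) {
    'IIS service present: {0} ({1})' -f $svc.Name, $svc.Status
}
if ($iis.Count -eq 0) { 'No IIS services found.' }

# When HTTP.sys holds a port, list its URL registrations and request queues
# so the component that registered them can be identified.
if ($usesHttpSys) { netsh http show servicestate }
```

Run it from an elevated prompt; a port owned by PID 4 together with a present W3SVC service matches the IIS conflict described in the thread.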