Solved

Publish Web Servers through TMG 2010 in a Routed Relationship

Posted on 2012-03-29
Last Modified: 2012-06-22
Hello. I am trying to configure TMG2010 behind an ASA 5510. It is physically connected as follows:

Internet
|
Cisco ASA 5510
|
Perimeter Network (DMZ)
|
TMG 2010
|
LAN

The ASA is performing NAT and there is a Route relationship between the LAN and Perimeter network.

As a test, I have an Apache web server on the LAN. I can successfully publish it using an Access Rule, but I want to use a Web listener. Ultimately, I will be publishing Exchange as well.

I have tried multiple times without success. Can someone please give me a once-and-for-all example or how-to for this?
Question by:Program_Poser

Expert Comment

by:pwindell
ID: 37783847
Using a Routed Relationship allows you the ability to "get away" with using only Access Rules,...but it does not mean you still cannot use Web Server Publishing Rules (AFAIK).  But I am pretty sure that you cannot use Non-Web Server Publishing Rules because they are based on Reverse-NAT and you lose that when you lose the NAT Relationship.

Delete the Access Rule and replace it with a Web Server Publishing Rule.

You can't publish Exchange as if it is a single entity.  Each part of Exchange that you publish (SMTP, POP3, IMAP, OWA [HTTPS]) is a separate Publishing Process and not all are the same type.  Anything running over HTTP or HTTPS will be a Web Server Publishing Rule while the others would be a Non-Web Server Publishing Rule.  However the Exchange Publishing Wizard will automatically create the right type of Rule based on what component you choose to Publish.  But the problem you are going to have there is that you are running a Routed Relationship to "External",...So I expect the OWA (HTTPS) Rule to work but you'd have to use Access Rules for the rest.

Web Server Publishing Rules operate as a Reverse-Web Proxying process.
Non-Web Server Publishing Rules operate as a Reverse-NAT process.
....so they are two entirely different things based on entirely different technologies.

Accepted Solution

by:
pwindell earned 500 total points
ID: 37783862
As you may have guessed,..I have never run a "routed" relationship to External,..so it is kinda all "theoretical" to me as to some of the gory details of what works and what doesn't in such a case.

Author Closing Comment

by:Program_Poser
ID: 37796128
I ended up changing it to a NAT relationship and I have it working. The real issue is that IIS was installed along with the .NET framework and that's why I couldn't get a listener to work. Thanks for trying :-)

Expert Comment

by:pwindell
ID: 37796613
Never,...ever,...ever,...install IIS on a TMG box.

Remove it.

TMG uses Port 80 to Publish WPAD and uses 8080 to listen for HTTP Proxy requests.

TMG is not a "server" that you can just install things on.  It is a Firewall Product just like ASA, PIX, Sonicwall etc,....you don't see people installing things on them.  TMG can even be purchased as a Hardware Appliance.
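
A quick check for the port conflict described in the last two comments (IIS installed on the TMG box), as an added example that is not part of the original thread. It assumes PowerShell 2.0 on the TMG server and English-language `netstat` output; the function name `Get-ListenerOwner` is hypothetical.

```powershell
# Added example (not from the thread). PowerShell 2.0 compatible, so it parses
# netstat instead of using Get-NetTCPConnection. Assumes English netstat output.
function Get-ListenerOwner {
    param(
        [string[]]$NetstatLines = (netstat -ano -p tcp),
        [int[]]$Ports = @(80, 443, 8080)   # HTTP, HTTPS, TMG HTTP proxy port
    )
    foreach ($line in $NetstatLines) {
        # Line shape: "  TCP    0.0.0.0:80    0.0.0.0:0    LISTENING    4"
        if ($line -notmatch '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') { continue }
        $address = $Matches[1]
        $port    = [int]$Matches[2]
        $procId  = [int]$Matches[3]
        if ($Ports -notcontains $port) { continue }

        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $name = if ($proc) { $proc.ProcessName } else { '<unknown>' }
        # PID 4 is the kernel: the socket belongs to HTTP.sys, which is how an
        # IIS site binding appears in netstat.
        if ($procId -eq 4) { $name = 'System (HTTP.sys)' }

        New-Object PSObject -Property @{
            Port = $port; Address = $address; OwnerPid = $procId; Owner = $name
        } | Select-Object Port, Address, OwnerPid, Owner
    }
}

$listeners = @(Get-ListenerOwner)
$listeners | Sort-Object Port | Format-Table -AutoSize

# W3SVC is the IIS World Wide Web Publishing Service.
$iis = Get-Service -Name W3SVC -ErrorAction SilentlyContinue
if ($iis) {
    Write-Warning "IIS (W3SVC) is installed on this host, status: $($iis.Status)."
}

# HTTP.sys owning one of the ports means some URL reservation or site binding
# is competing with the firewall for that listener.
if ($listeners | Where-Object { $_.OwnerPid -eq 4 }) {
    Write-Warning "HTTP.sys holds a listener port. Run 'netsh http show servicestate' to list the registered URLs."
}
```

Run it from an elevated prompt so that `Get-Process` can resolve every owning process.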