Publish Web Servers through TMG 2010 in a Routed Relationship

Posted on 2012-03-29
Last Modified: 2012-06-22
Hello. I am trying to configure TMG2010 behind an ASA 5510. It is physically connected as follows:

Internet
|
Cisco ASA 5510
|
Perimeter Network (DMZ)
|
TMG 2010
|
LAN

The ASA is performing NAT and there is a Route relationship between the LAN and Perimeter network.

As a test, I have an Apache web server on the LAN. I can successfully publish it using an Access Rule, but I want to use a Web listener. Ultimately, I will be publishing Exchange as well.

I have tried multiple times without success. Can someone please give me a once-and-for-all example or how-to for this?
Question by:Program_Poser
LVL 29

Expert Comment

by:pwindell
ID: 37783847
Using a Routed Relationship allows you the ability to "get away" with using only Access Rules,...but it does not mean you still cannot use Web Server Publishing Rules (AFAIK).  But I am pretty sure that you cannot use Non-Web Server Publishing Rule because they are based on Reverse-NAT and you lose that when you lose the NAT Relationship.

Delete the Access Rule and replace it with a Web Server Publishing Rule.

You can't publish Exchange as if it is a single entity.  Each part of Exchange that you publish (SMTP, POP3, IMAP, OWA [HTTPS]) is a separate Publishing Process and not all are the same type.  Anything running over HTTP or HTTPS will be a Web Server Publishing Rule while the others would be a Non-Web Server Publishing Rule.  However the Exchange Publishing Wizard will automatically create the right type of Rule based on what component you choose to Publish.  But the problem you are going to have there is that you are running a Routed Relationship to "External",...So I expect the OWA (HTTPS) Rule to work but you'd have to use Access Rules for the rest.

Web Server Publishing Rules operate as a Reverse-Web Proxying process.
Non-Web Server Publishing Rules operate as a Reverse-NAT process.
....so they are two entirely different things based on entirely different technologies.
 
LVL 29

Accepted Solution

by:
pwindell earned 2000 total points
ID: 37783862
As you may have guessed,..I have never run a "routed" relationship to External,..so it is kinda all "theoretical" to me as to some of the gory details of what works and what doesn't in such a case.
 
LVL 5

Author Closing Comment

by:Program_Poser
ID: 37796128
I ended up changing it to a NAT relationship and I have it working. The real issue is that IIS was installed along with the .NET framework and that's why I couldn't get a listener to work. Thanks for trying :-)
 
LVL 29

Expert Comment

by:pwindell
ID: 37796613
Never,...ever,...ever,...install IIS on a TMG box.

Remove it.

TMG uses port 80 to Publish WPAD and uses 8080 to listen for HTTP Proxy requests.

TMG is not a "server" that you can just install things on.  It is a Firewall Product just like ASA, PIX, Sonicwall etc,....you don't see people installing things on them.  TMG can even be purchased as a Hardware Appliance.
0
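
Added example, not part of the thread and not Microsoft's or any poster's code: a PowerShell 2.0-compatible check for the conflict described above, listing which process owns the TCP ports a TMG Web listener needs. Ports 80 and 8080 come from the last comment; port 443 (for an HTTPS/OWA listener), the `wspsrv` process name for the TMG Firewall service, and the sample `netstat` lines are assumptions constructed for illustration.

```powershell
# Hypothetical helper: report who is listening on the ports TMG needs.
function Get-ListenerOwner {
    param(
        [string[]]$NetstatLines = (netstat -ano),   # live capture by default
        [hashtable]$ProcessNames = $null,            # PID -> name; built live if omitted
        [int[]]$Ports = (80, 443, 8080)              # 443 is an assumption (HTTPS listener)
    )
    if ($null -eq $ProcessNames) {
        $ProcessNames = @{}
        Get-Process | ForEach-Object { $ProcessNames[$_.Id] = $_.ProcessName }
    }
    foreach ($line in $NetstatLines) {
        # Matches e.g. "  TCP    0.0.0.0:80    0.0.0.0:0    LISTENING    4"
        if ($line -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
            $addr = $Matches[1]; $port = [int]$Matches[2]; $procId = [int]$Matches[3]
            if ($Ports -contains $port) {
                $name = $ProcessNames[$procId]
                if (-not $name) { $name = '?' }
                New-Object PSObject -Property @{
                    Port      = $port
                    Address   = $addr
                    OwningPid = $procId
                    Process   = $name
                    # Anything other than the TMG Firewall service is a conflict candidate.
                    # PID 4 (System) means HTTP.sys, the kernel driver IIS listens through.
                    NotTmg    = ($name -ne 'wspsrv')
                } | Select-Object Port, Address, OwningPid, Process, NotTmg
            }
        }
    }
}

# Constructed sample input (not captured from a real server).
$sample = @(
    '  TCP    0.0.0.0:80        0.0.0.0:0    LISTENING    4',
    '  TCP    192.0.2.10:443    0.0.0.0:0    LISTENING    1820',
    '  TCP    10.0.0.1:8080     0.0.0.0:0    LISTENING    1820',
    '  TCP    0.0.0.0:3389      0.0.0.0:0    LISTENING    1204'
)
$names = @{ 4 = 'System'; 1820 = 'wspsrv'; 1204 = 'svchost' }
Get-ListenerOwner -NetstatLines $sample -ProcessNames $names | Format-Table -AutoSize

# IIS leaves the World Wide Web Publishing Service behind; its presence is a second signal.
Get-Service -Name W3SVC -ErrorAction SilentlyContinue | Select-Object Name, Status
```

Run without arguments on the TMG server to inspect the live state; in the sample, the port 80 row owned by `System` is the one that would stop a Web listener from binding.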
