  • Status: Solved

Publish Web Servers through TMG 2010 in a Routed Relationship

Hello. I am trying to configure TMG 2010 behind an ASA 5510. It is physically connected as follows:

Internet
|
Cisco ASA 5510
|
Perimeter Network (DMZ)
|
TMG 2010
|
LAN

The ASA is performing NAT and there is a Route relationship between the LAN and Perimeter network.

As a test, I have an Apache web server on the LAN. I can successfully publish it using an Access Rule, but I want to use a Web listener. Ultimately, I will be publishing Exchange as well.

I have tried multiple times without success. Can someone please give me a once-and-for-all example or how-to for this?
Asked: Program_Poser
1 Solution
 
pwindell Commented:
Using a Routed Relationship allows you the ability to "get away" with using only Access Rules,...but it does not mean you still cannot use Web Server Publishing Rules (AFAIK).  But I am pretty sure that you cannot use Non-Web Server Publishing Rules because they are based on Reverse-NAT and you lose that when you lose the NAT Relationship.

Delete the Access Rule and replace it with a Web Server Publishing Rule.

You can't publish Exchange as if it is a single entity.  Each part of Exchange that you publish (SMTP, POP3, IMAP, OWA [HTTPS]) is a separate Publishing Process and not all are the same type.  Anything running over HTTP or HTTPS will be a Web Server Publishing Rule while the others would be a Non-Web Server Publishing Rule.  However the Exchange Publishing Wizard will automatically create the right type of Rule based on what component you choose to Publish.  But the problem you are going to have there is that you are running a Routed Relationship to "External",...So I expect the OWA (HTTPS) Rule to work but you'd have to use Access Rules for the rest.

Web Server Publishing Rules operate as a Reverse-Web Proxying process.
Non-Web Server Publishing Rules operate as a Reverse-NAT process.
....so they are two entirely different things based on entirely different technologies.
0
 
pwindell Commented:
As you may have guessed,..I have never run a "routed" relationship to External,..so it is kinda all "theoretical" to me as to some of the gory details of what works and what doesn't in such a case.
0
 
Program_Poser (Author) Commented:
I ended up changing it to a NAT relationship and I have it working. The real issue is that IIS was installed along with the .NET framework and that's why I couldn't get a listener to work. Thanks for trying :-)
0
 
pwindell Commented:
Never,...ever,...ever,...install IIS on a TMG box.

Remove it.

TMG uses Port 80 to Publish WPAD and uses 8080 to listen for HTTP Proxy requests.

TMG is not a "server" that you can just install things on.  It is a Firewall Product just like ASA, PIX, Sonicwall etc,....you don't see people installing things on them.  TMG can even be purchased as a Hardware Appliance.
0
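
A check for the conflict described in this thread (IIS holding a port that a TMG Web listener needs), as an added example that is not part of the original posts. It parses `netstat -ano` output and labels the owner of each watched port; the function name, the inclusion of port 443, the TMG process name `wspsrv`, and the sample lines are assumptions made for illustration.

```powershell
# Added example. Ports 80 and 8080 are from the thread; 443 is an assumption
# (HTTPS listener for OWA). Written to run on PowerShell 2.0 (Server 2008 R2).
function Get-ListenerOwner {
    param(
        [string[]]$NetstatLines = (netstat -ano),   # live data unless lines are passed in
        [hashtable]$ProcessNames,                   # PID -> process name
        [int[]]$Ports = @(80, 443, 8080)
    )
    if (-not $ProcessNames) {
        # Live run: build the PID -> name map from the local process table.
        $ProcessNames = @{}
        Get-Process | ForEach-Object { $ProcessNames[$_.Id] = $_.ProcessName }
    }
    foreach ($line in $NetstatLines) {
        # Matches e.g. "  TCP    0.0.0.0:80    0.0.0.0:0    LISTENING    4"
        if ($line -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
            $address = $Matches[1]
            $port    = [int]$Matches[2]
            $procId  = [int]$Matches[3]
            if ($Ports -notcontains $port) { continue }
            $name = $ProcessNames[$procId]
            if ($name -eq 'wspsrv') {
                $owner = 'TMG Firewall service'   # assumed process name: wspsrv.exe
            } elseif ($procId -eq 4) {
                # PID 4 is the System process; HTTP.sys bindings (IIS sites) show up here.
                $owner = 'HTTP.sys (IIS or another HTTP API consumer)'
            } else {
                $owner = 'Other process'
            }
            New-Object PSObject -Property @{
                Address = $address; Port = $port; PID = $procId
                Process = $name; Owner = $owner
            } | Select-Object Address, Port, PID, Process, Owner
        }
    }
}

# Constructed sample input (not captured from a real system).
$sample = @(
    '  TCP    0.0.0.0:80        0.0.0.0:0    LISTENING    4',
    '  TCP    10.0.0.1:8080     0.0.0.0:0    LISTENING    1820',
    '  TCP    0.0.0.0:3389      0.0.0.0:0    LISTENING    1104'
)
$names = @{ 4 = 'System'; 1820 = 'wspsrv'; 1104 = 'svchost' }
Get-ListenerOwner -NetstatLines $sample -ProcessNames $names | Format-Table -AutoSize

# On the TMG box itself: live listeners, plus whether the IIS service exists.
# Get-ListenerOwner | Format-Table -AutoSize
# Get-Service -Name W3SVC -ErrorAction SilentlyContinue | Select-Object Name, Status
```

A row for port 80 or 443 owned by PID 4 on a firewall that should host only TMG is the sign that something bound through HTTP.sys, such as an IIS site, is competing with the listener.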
