Solved

Publish Web Servers through TMG 2010 in a Routed Relationship

Posted on 2012-03-29
Last Modified: 2012-06-22
Hello. I am trying to configure TMG2010 behind an ASA 5510. It is physically connected as follows:

Internet
|
Cisco ASA 5510
|
Perimeter Network (DMZ)
|
TMG 2010
|
LAN

The ASA is performing NAT and there is a Route relationship between the LAN and Perimeter network.

As a test, I have an Apache web server on the LAN. I can successfully publish it using an Access Rule, but I want to use a Web listener. Ultimately, I will be publishing Exchange as well.

I have tried multiple times without success. Can someone please give me a once-and-for-all example or how-to for this?
Question by:Program_Poser

Expert Comment

by:pwindell
Using a Routed Relationship allows you the ability to "get away" with using only Access Rules,...but it does not mean you still cannot use Web Server Publishing Rules (AFAIK).  But I am pretty sure that you cannot use Non-Web Server Publishing Rules because they are based on Reverse-NAT and you lose that when you lose the NAT Relationship.

Delete the Access Rule and replace it with a Web Server Publishing Rule.

You can't publish Exchange as if it is a single entity.  Each part of Exchange that you publish (SMTP, POP3, IMAP, OWA [HTTPS]) is a separate Publishing Process and not all are the same type.  Anything running over HTTP or HTTPS will be a Web Server Publishing Rule while the others would be a Non-Web Server Publishing Rule.  However the Exchange Publishing Wizard will automatically create the right type of Rule based on what component you choose to Publish.  But the problem you are going to have there is that you are running a Routed Relationship to "External",...So I expect the OWA (HTTPS) Rule to work but you'd have to use Access Rules for the rest.

Web Server Publishing Rules operate as a Reverse-Web Proxying process.
Non-Web Server Publishing Rules operate as a Reverse-NAT process.
....so they are two entirely different things based on entirely different technologies.

Accepted Solution

by:pwindell (earned 500 total points)
As you may have guessed,..I have never run a "routed" relationship to External,..so it is kinda all "theoretical" to me as to some of the gory details of what works and what doesn't in such a case.

Author Closing Comment

by:Program_Poser
I ended up changing it to a NAT relationship and I have it working. The real issue is that IIS was installed along with the .NET framework and that's why I couldn't get a listener to work. Thanks for trying :-)

Expert Comment

by:pwindell
Never,...ever,...ever,...install IIS on a TMG box.

Remove it.

TMG uses Port 80 to Publish WPAD and uses 8080 to listen for HTTP Proxy requests.

TMG is not a "server" that you can just install things on.  It is a Firewall Product just like ASA, PIX, Sonicwall etc,....you don't see people installing things on them.  TMG can even be purchased as a Hardware Appliance.
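A check for the conflict this thread ended on (another service such as IIS holding a port that a TMG listener needs), added here as an example and not part of the original thread. It parses `netstat -ano` output; the function name `Get-ListenerOwner`, the inclusion of port 443 and the sample lines are assumptions made for illustration.

```powershell
# Added example, written for PowerShell 2.0 as shipped with Windows Server 2008 R2.
# Ports 80 and 8080 come from the thread; 443 is an assumption for HTTPS listeners.
$WatchedPorts = 80, 8080, 443

function Get-ListenerOwner {
    param(
        [string[]]$NetstatLines,      # output of: netstat -ano -p tcp
        [int[]]$Ports = $WatchedPorts
    )
    foreach ($line in $NetstatLines) {
        # Matches e.g. "  TCP    0.0.0.0:80    0.0.0.0:0    LISTENING    4"
        if ($line -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
            $address = $Matches[1]
            $port    = [int]$Matches[2]
            $ownerId = [int]$Matches[3]
            if ($Ports -contains $port) {
                $proc = Get-Process -Id $ownerId -ErrorAction SilentlyContinue
                $name = '(not running on this host)'
                if ($proc) { $name = $proc.ProcessName }
                New-Object PSObject -Property @{
                    Address   = $address
                    Port      = $port
                    OwningPid = $ownerId
                    Process   = $name
                }
            }
        }
    }
}

# Constructed sample so the parser can be tried off-box.
# On the TMG server itself use:  $lines = netstat -ano -p tcp
$lines = @(
    '  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4',
    '  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716',
    '  TCP    10.0.0.1:8080          0.0.0.0:0              LISTENING       1844',
    '  TCP    [::]:80                [::]:0                 LISTENING       4'
)
Get-ListenerOwner -NetstatLines $lines |
    Select-Object Address, Port, OwningPid, Process | Format-Table -AutoSize

# HTTP.sys bindings (which IIS uses) show up as PID 4 (System), so the netstat
# owner alone does not name IIS. Check for the IIS service directly as well.
$iis = Get-Service -Name W3SVC -ErrorAction SilentlyContinue
if ($iis) { "IIS (W3SVC) is installed; status: $($iis.Status)" }
else      { "IIS (W3SVC) is not installed." }
```

A listener on a watched port owned by anything other than the firewall's own services, or a present `W3SVC` service, points to the kind of conflict described in the closing comment.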