psanjoy
asked on
Pinging does not work from TMG/ISA server
I just installed TMG 2010 with 2 NICs and created HOST entry of this TMG server on DC DNS.
For the internal, I configured IP add, SM, DNS and no DG.
For External, configured IP, SM and DG only.
But now I cant ping to Netbios of any member servers, But pinging via IP address.
could you pls provide me the solution
For the internal, I configured IP add, SM, DNS and no DG.
For External, configured IP, SM and DG only.
But now I cant ping to Netbios of any member servers, But pinging via IP address.
could you pls provide me the solution
Please your question requires a little more explanation to be answered. Avoid using not common abbreviations ("IP add", "SM", "DG").
¿From where you ping?. ¿to whom?.
It seems you haven’t set your internal network. You need to add all ip ranges of your internal network. The NIC of the internal network of your ISA/TMG needs to have an IP set for ever subnet you have in your internal network unless there is a router in the middle of the firewall and the other subnet (in these case you will add a route in the OS of your firewall to announce this router).
¿From where you ping?. ¿to whom?.
It seems you haven’t set your internal network. You need to add all ip ranges of your internal network. The NIC of the internal network of your ISA/TMG needs to have an IP set for ever subnet you have in your internal network unless there is a router in the middle of the firewall and the other subnet (in these case you will add a route in the OS of your firewall to announce this router).
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I removed the DNS settings from external NIC. Thanks for your comment.
You can close this case.
You can close this case.
No problem. The issue is that by having DNS on the external nic as well, the TMG would have no control over WHICH dns entry to use (entry on the internal or entry on the external). If the TMg decided to use the DNS associated with the external nic then it would use an external DNS service that would have no knowledge of your NetBios-named internal servers.
If you want to you can look at my article on how to setup ISA or TMG at the basic level i.e. the pre-requisite steps before you even install the product.
https://www.experts-exchange.com/Microsoft/Windows_Security/A_1477-Configuring-ISA-2004-2006-Forefront-Threat-Management-Gateway-for-basic-networking-and-DNS-settings.html
If you want to you can look at my article on how to setup ISA or TMG at the basic level i.e. the pre-requisite steps before you even install the product.
https://www.experts-exchange.com/Microsoft/Windows_Security/A_1477-Configuring-ISA-2004-2006-Forefront-Threat-Management-Gateway-for-basic-networking-and-DNS-settings.html
PS - some people feel uncomfortable leaving a blank DNS on the external nic so simply put the internal dns ip addresses on both the internal and external nic.
PPS - Just for my interest, apart from giving you the answer, what else would i have needed to have done to get an A rather than a B?
PPS - Just for my interest, apart from giving you the answer, what else would i have needed to have done to get an A rather than a B?
Are your member servers listed within the DC's DNS and does the TMG use the DNS service from the DC?