Pinging does not work from TMG/ISA server

Posted on 2012-08-22
Last Modified: 2012-08-25
I just installed TMG 2010 with 2 NICs and created a HOST entry for this TMG server on the DC DNS.

For the internal, I configured IP add, SM, DNS and no DG.
For External, configured IP, SM and DG only.

But now I can't ping the NetBIOS name of any member server, but pinging via IP address works.

Could you please provide me the solution?
Question by:psanjoy
    LVL 3

    Expert Comment

    You should not rely on NetBIOS for name resolution. On a firewalling device this protocol is very likely blocked by default.

    Are your member servers listed within the DC's DNS and does the TMG use the DNS service from the DC?
    LVL 4

    Expert Comment

    Please, your question requires a little more explanation to be answered. Avoid using uncommon abbreviations ("IP add", "SM", "DG").
    From where do you ping? To whom?
    It seems you haven't set your internal network. You need to add all IP ranges of your internal network. The NIC of the internal network of your ISA/TMG needs to have an IP set for every subnet you have in your internal network unless there is a router in the middle of the firewall and the other subnet (in this case you will add a route in the OS of your firewall to announce this router).
    LVL 51

    Accepted Solution

    This is because your setup is incorrect. The EXTERNAL NIC must have NO DNS. The INTERNAL NIC needs the DNS set and it should point to your INTERNAL DNS servers' IP address(es).

    The TMG/ISA box requires an access rule to be added allowing DNS from localhost to internal.
    It also requires an access rule in the firewall policy to allow DNS from the internal to external.

    Save the policy and - assuming you have set up your DNS forwarders correctly on the internal DNS servers - job done.


    Author Closing Comment

    I removed the DNS settings from the external NIC. Thanks for your comment.
    You can close this case.
    LVL 51

    Expert Comment

    by:Keith Alabaster
    No problem. The issue is that by having DNS on the external NIC as well, the TMG would have no control over WHICH DNS entry to use (entry on the internal or entry on the external). If the TMG decided to use the DNS associated with the external NIC then it would use an external DNS service that would have no knowledge of your NetBIOS-named internal servers.

    If you want to, you can look at my article on how to set up ISA or TMG at the basic level, i.e. the pre-requisite steps before you even install the product.
    LVL 51

    Expert Comment

    by:Keith Alabaster
    PS - some people feel uncomfortable leaving a blank DNS on the external NIC, so simply put the internal DNS IP addresses on both the internal and external NIC.

    PPS - Just for my interest, apart from giving you the answer, what else would I have needed to have done to get an A rather than a B?
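
The NIC layout discussed in this thread can be audited with a short script. This is an added example, not part of the original thread: it assumes Windows PowerShell on the TMG host, treats any NIC with a default gateway as external and any NIC without one as internal, and `Test-TmgNicDns` is a hypothetical helper name.

```powershell
# Added example: audit DNS settings on a two-NIC TMG/ISA host.
# Assumption: external NIC = has a default gateway; internal NIC = has none.
function Test-TmgNicDns {
    param(
        # Objects shaped like Win32_NetworkAdapterConfiguration
        [object[]]$Adapters
    )

    $internal = @($Adapters | Where-Object { -not $_.DefaultIPGateway })
    $external = @($Adapters | Where-Object { $_.DefaultIPGateway })

    # Every DNS server configured on an internal NIC
    $internalDns = @($internal |
        ForEach-Object { $_.DNSServerSearchOrder } |
        Where-Object { $_ })

    $findings = @()

    # The internal NIC must carry the DNS setting
    foreach ($nic in $internal) {
        if (-not $nic.DNSServerSearchOrder) {
            $findings += "INTERNAL '$($nic.Description)': no DNS server set"
        }
    }

    # The external NIC must have no DNS, or only the internal DNS addresses
    foreach ($nic in $external) {
        foreach ($dns in @($nic.DNSServerSearchOrder | Where-Object { $_ })) {
            if ($internalDns -notcontains $dns) {
                $findings += "EXTERNAL '$($nic.Description)': DNS $dns is not an internal DNS server"
            }
        }
    }

    # More than one default gateway breaks the internal/external split
    if ($external.Count -gt 1) {
        $findings += "Default gateway set on $($external.Count) NICs; expected on the external NIC only"
    }

    return $findings
}

# Query the live adapter configuration and report
$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"
$result = Test-TmgNicDns -Adapters $nics
if ($result) { $result } else { "NIC DNS layout is consistent: DNS on internal NIC only (or mirrored)." }
```

An empty result means the host will only ever resolve names through the internal DNS servers, which is the condition the accepted solution and the follow-up PS both aim for.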
