Pinging does not work from TMG/ISA server

I just installed TMG 2010 with 2 NICs and created a HOST entry for this TMG server on the DC DNS.

For the internal, I configured IP add, SM, DNS and no DG.
For External, configured IP, SM and DG only.

But now I can't ping any member servers by NetBIOS name, but pinging via IP address works.

Could you please provide me the solution?
psanjoy, System Administrator, Asked:
 
Keith Alabaster, Enterprise Architect, Commented:
This is because your setup is incorrect. The EXTERNAL NIC must have NO DNS. The INTERNAL NIC needs the DNS set and it should point to your INTERNAL DNS servers' IP address(es).

The TMG/ISA box requires an access rule adding allowing DNS from localhost to internal.
It also requires an access rule in the firewall policy to allow DNS from the internal to external.

Save the policy and - assuming you have set up your DNS forwarders correctly on the internal DNS servers - job done.

Keith
0
 
mrworta Commented:
You should not rely on NetBIOS for name resolution. On a firewalling device this protocol is very likely blocked by default.

Are your member servers listed within the DC's DNS and does the TMG use the DNS service from the DC?
0
 
TI2Heaven Commented:
Please, your question requires a little more explanation to be answered. Avoid using uncommon abbreviations ("IP add", "SM", "DG").
Where do you ping from? To whom?
It seems you haven't set your internal network. You need to add all IP ranges of your internal network. The NIC of the internal network of your ISA/TMG needs to have an IP set for every subnet you have in your internal network unless there is a router between the firewall and the other subnet (in this case you will add a route in the OS of your firewall to announce this router).
0
 
psanjoy, System Administrator, Author Commented:
I removed the DNS settings from the external NIC. Thanks for your comment.
You can close this case.
0
 
Keith Alabaster, Enterprise Architect, Commented:
No problem. The issue is that by having DNS on the external NIC as well, the TMG would have no control over WHICH DNS entry to use (entry on the internal or entry on the external). If the TMG decided to use the DNS associated with the external NIC then it would use an external DNS service that would have no knowledge of your NetBIOS-named internal servers.

If you want to, you can look at my article on how to set up ISA or TMG at the basic level, i.e. the prerequisite steps before you even install the product.

http://www.experts-exchange.com/Microsoft/Windows_Security/A_1477-Configuring-ISA-2004-2006-Forefront-Threat-Management-Gateway-for-basic-networking-and-DNS-settings.html
0
 
Keith Alabaster, Enterprise Architect, Commented:
PS - some people feel uncomfortable leaving a blank DNS on the external NIC, so simply put the internal DNS IP addresses on both the internal and external NIC.

PPS - Just for my interest, apart from giving you the answer, what else would I have needed to have done to get an A rather than a B?
0
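
An added example (not part of the original thread or any participant's own code): a PowerShell check for the NIC layout discussed above, where the internal NIC holds the DNS servers and the external NIC has either no DNS or only the same internal DNS addresses. The function name `Test-TmgNicLayout` and all sample addresses are hypothetical; the default-gateway checks follow the asker's stated layout (gateway on the external NIC only).

```powershell
# Added example: audits DNS/gateway placement on a dual-homed TMG/ISA host.
# Expected layout (from the thread):
#   internal NIC - DNS = internal DNS servers, no default gateway
#   external NIC - default gateway, DNS blank or identical to the internal NIC
function Test-TmgNicLayout {
    param(
        [Parameter(Mandatory = $true)] $Internal,
        [Parameter(Mandatory = $true)] $External
    )
    # Normalise possibly-null WMI string arrays to real arrays.
    $intDns = @($Internal.DNSServerSearchOrder | Where-Object { $_ })
    $extDns = @($External.DNSServerSearchOrder | Where-Object { $_ })
    $intGw  = @($Internal.DefaultIPGateway     | Where-Object { $_ })
    $extGw  = @($External.DefaultIPGateway     | Where-Object { $_ })

    if ($intDns.Count -eq 0) { 'Internal NIC has no DNS servers set.' }
    if ($intGw.Count -gt 0)  { "Internal NIC has a default gateway: $($intGw -join ', ')" }
    if ($extGw.Count -eq 0)  { 'External NIC has no default gateway.' }

    # DNS on the external NIC is only acceptable if it repeats the internal servers.
    $foreign = @($extDns | Where-Object { $intDns -notcontains $_ })
    if ($foreign.Count -gt 0) {
        "External NIC uses DNS servers unknown to the internal NIC: $($foreign -join ', ')"
    }
}

# Constructed sample data (documentation address ranges), shaped like
# Win32_NetworkAdapterConfiguration objects. It mirrors the misconfiguration
# the accepted answer describes: an outside DNS server on the external NIC.
$int = New-Object PSObject -Property @{
    Description = 'Internal'; IPAddress = @('10.0.0.1')
    DNSServerSearchOrder = @('10.0.0.10'); DefaultIPGateway = $null
}
$ext = New-Object PSObject -Property @{
    Description = 'External'; IPAddress = @('203.0.113.2')
    DNSServerSearchOrder = @('198.51.100.53'); DefaultIPGateway = @('203.0.113.1')
}

$findings = @(Test-TmgNicLayout -Internal $int -External $ext)
if ($findings.Count -eq 0) {
    'NIC layout matches the setup recommended in the thread.'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}

# Live data instead of the samples (pick each NIC by one of its IP addresses):
# $nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
# $int  = $nics | Where-Object { $_.IPAddress -contains '10.0.0.1' }
# $ext  = $nics | Where-Object { $_.IPAddress -contains '203.0.113.2' }
```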
Question has a verified solution.
