[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Pinging does not work from TMG/ISA  server

Posted on 2012-08-22
6
Medium Priority
?
1,279 Views
Last Modified: 2012-08-25
I just installed  TMG 2010 with 2 NICs and created HOST entry of this TMG server on DC DNS.

For the internal, I configured IP add, SM, DNS and no DG.
For External, configured IP, SM and DG only.

But now I cant ping to Netbios of any member servers, But pinging via IP address.

could you pls provide me the solution
0
Comment
Question by:psanjoy
6 Comments
 
LVL 3

Expert Comment

by:mrworta
ID: 38320979
You should not rely on netbios for name resolution. On a firewalling device this protocol is very likely blocked by default.

Are your member servers listed within the DC's DNS and does the TMG use the DNS service from the DC?
0
 
LVL 4

Expert Comment

by:TI2Heaven
ID: 38321009
Please your question requires a little more explanation to be answered. Avoid using not common abbreviations ("IP add", "SM", "DG").
¿From where you ping?. ¿to whom?.
It seems you haven’t set your internal network. You need to add all ip ranges of your internal network. The NIC of the internal network of your ISA/TMG needs to have an IP set for ever subnet you have in your internal network unless there is a router in the middle of the firewall and the other subnet (in these case you will add a route in the OS of your firewall to announce this router).
0
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 825 total points
ID: 38321892
This is because your setup is incorrect. The EXTERNAL nic must have NO DNS. The INTERNAL nic needs the dns set and it should point to your INTERNAL DNS servers ip address(es).

The TMG/ISA box requires an access rule adding allowing DNS from localhost to internal.
It also requires an access rule to the firewall policy to allow dns from the internal to external.

Save the policy and - assuming you have setup your DNS forwarders correct on the internal DNS servers, job done.

Keith
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 

Author Closing Comment

by:psanjoy
ID: 38332207
I removed the DNS settings from external NIC. Thanks for your comment.
You can close this case.
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 38332231
No problem. The issue is that by having DNS on the external nic as well, the TMG would have no control over WHICH dns entry to use (entry on the internal or entry on the external). If the TMg decided to use the DNS associated with the external nic then it would use an external DNS service that would have no knowledge of your NetBios-named internal servers.

If you want to you can look at my article on how to setup ISA or TMG at the basic level i.e. the pre-requisite steps before you even install the product.

http://www.experts-exchange.com/Microsoft/Windows_Security/A_1477-Configuring-ISA-2004-2006-Forefront-Threat-Management-Gateway-for-basic-networking-and-DNS-settings.html
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 38332236
PS - some people feel uncomfortable leaving a blank DNS on the external nic so simply put the internal dns ip addresses on both the internal and external nic.

PPS - Just for my interest, apart from giving you the answer, what else would i have needed to have done to get an A rather than a B?
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are several problems reported according slow link speeds or poor performance in TMG 2010, UAG 2010 or ISA 2006. I want to collect here some of the common issues together to give a brief overview what can be the reason. Nevertheless, not all of…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question