Unable to Connect to Internet from the LAN after changing LAN Subnet

Due to a directive from HQ we were asked to change our LAN subnet to a new subnet. After doing this, however, my internal DNS server (running on a Windows Server 2008 R2 DC) is not able to resolve DNS names. The gateway is a Forefront TMG server. When I put the ISP DNS server IPs on the external interface I am able to browse from the TMG server but not from any machine on the LAN.
nimocan (ICT Manager) Asked:

piattnd Commented:
We need more information.  What was your subnet mask previously and what did you set it to?
0
nimocan (ICT Manager, Author) Commented:
Previous subnet was 172.16.0.0/16 and the new subnet is 172.20.4.0/22
0
piattnd Commented:
What is the gateway and IP address of a machine you cannot get working when you do an ipconfig?
0
nimocan (ICT Manager, Author) Commented:
Basically, whether I try connecting from any of the servers, including the DNS server, I am not able to go to the internet. The new DHCP scope is working perfectly and sending the correct config to the workstations according to how I have configured it on the DHCP server.
0
piattnd Commented:
Right, so we're troubleshooting network connectivity right now.  Let's start with your DNS server, because I'm guessing if your DNS server can't get to the internet, it's also not able to provide name resolution for unknown hosts (forward name lookups to internet name servers).

Can you ping the gateway address configured on your DNS server?  Do a tracert 4.2.2.4.  Does it succeed?  If not, where does it stop responding?
0
nimocan (ICT Manager, Author) Commented:
Strangely enough I don't get a response from the tracert. It times out from the first hop.
0
piattnd Commented:
What is the IP address of the server, IP of the gateway, and the subnet mask?  Can you ping the gateway?
0
nimocan (ICT Manager, Author) Commented:
IP configuration on the server is correct, i.e. IP address is 172.20.4.4, subnet mask is 255.255.252.0 and gateway is 172.20.4.2. I have used the same subnet mask on the gateway. I cannot ping the gateway because TMG (which is the gateway) blocks ping traffic. However, I am able to ping from the gateway to the server.
0
piattnd Commented:
I'd suggest going through this blog article about the TMG and the network settings.  I'm not sure if you've changed anything within the TMG, but it sounds like you need to go through your TMG network settings and confirm everything is set appropriately inside of there.

http://blogs.technet.com/b/yuridiogenes/archive/2011/08/16/side-effect-of-wrong-network-configuration-on-forefront-tmg.aspx
0
nimocan (ICT Manager, Author) Commented:
Thanks for your help, but my basic network configuration did not change, only the IP address scheme. When I changed back to the old IP address scheme, everything works well. That is why this is a bit strange.
0
piattnd Commented:
It's not strange at all.  You have to designate your internal subnets within your TMG.  When you change your subnet mask, you change your internal subnet ranges.
0
nimocan (ICT Manager, Author) Commented:
I have done all this. I have been working with proxy servers since the days of ISA 2004 and I understand how to configure them from scratch. After changing the network settings on the TMG server's NIC, I did the same in the TMG server's network settings. I even confirmed that the routing table had picked up the new route with the new IP configuration.
0
piattnd Commented:
Well I don't know what to tell you then, since you already know you've configured everything correctly and it's still not working.  You have something wrong somewhere, whether that's inside the TMG, or the routers/switches in between.  Check the local route tables on the DNS server to make sure no old route is stuck in there.  Because of the lack of information around how your traffic is supposed to flow, we're pretty limited on helping you identify where the flaw is, as changing the subnet mask is not a small thing and would impact configuration in quite a few places/devices (depending on your network size).
0
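The checks suggested in the two comments above (the TMG internal address ranges must match the new subnet, and no old route should linger on the DNS server), written out as an added example that is not part of the original thread. The subnets and host addresses are the ones quoted in the thread; the TMG Internal network ranges, the 10.50.0.0/16 route and all function names are constructed for illustration.

```python
import ipaddress

OLD_SUBNET = ipaddress.ip_network("172.16.0.0/16")   # from the thread
NEW_SUBNET = ipaddress.ip_network("172.20.4.0/22")   # from the thread

def uncovered(subnet, ranges):
    """Parts of `subnet` that no (start, end) address range covers."""
    remaining = [ipaddress.ip_network(str(subnet))]
    for start, end in ranges:
        blocks = ipaddress.summarize_address_range(
            ipaddress.ip_address(start), ipaddress.ip_address(end))
        for block in blocks:
            kept = []
            for net in remaining:
                if net.subnet_of(block):          # fully covered, drop it
                    continue
                if block.subnet_of(net):          # partly covered, keep the rest
                    kept.extend(net.address_exclude(block))
                else:                             # disjoint, untouched
                    kept.append(net)
            remaining = kept
    return sorted(remaining)

def check_host(ip, mask, gateway, subnet=NEW_SUBNET):
    """Problems with a host's static settings relative to the intended subnet."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    problems = []
    if iface.network != ipaddress.ip_network(str(subnet)):
        problems.append(f"mask puts host in {iface.network}, expected {subnet}")
    if ipaddress.ip_address(gateway) not in iface.network:
        problems.append(f"gateway {gateway} is not on-link")
    return problems

def stale_routes(routes, old=OLD_SUBNET):
    """Routes whose destination or next hop still lies in the old subnet."""
    return [(dest, hop) for dest, hop in routes
            if ipaddress.ip_address(hop) in old
            or ipaddress.ip_network(dest).subnet_of(old)]

# Constructed sample data: an Internal network definition that was only partly
# updated, and a DNS-server route table with one leftover persistent route.
TMG_INTERNAL_RANGES = [("172.16.0.0", "172.16.255.255"), ("172.20.4.0", "172.20.5.255")]
DNS_SERVER_ROUTES = [("0.0.0.0/0", "172.20.4.2"), ("172.20.4.0/22", "172.20.4.4"),
                     ("10.50.0.0/16", "172.16.5.1")]

if __name__ == "__main__":
    print("not covered by Internal network:", uncovered(NEW_SUBNET, TMG_INTERNAL_RANGES))
    print("host problems:", check_host("172.20.4.4", "255.255.252.0", "172.20.4.2"))
    print("stale routes:", stale_routes(DNS_SERVER_ROUTES))
```

An empty result from all three functions means the address plan is consistent on paper; it does not prove the firewall itself applied the change.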
vivigatt Commented:
What was the previous configuration (IP range, subnet masks, gateway addresses...)?
0
nimocan (ICT Manager, Author) Commented:
If I use the example of the DNS Server (one of the Windows 2008 R2 DCs), 172.16.5.4 255.255.0.0 172.16.5.1
0
nimocan (ICT Manager, Author) Commented:
I ended up re-installing the TMG Server and reconfiguring it with the previous firewall rules and this solved the problem.
0
nimocan (ICT Manager, Author) Commented:
There was no additional information that I could think of to give and since I had no other options I just re-installed the server from scratch.
0