DJP1969
asked on
TMG ForeFront 2010 Cannot Ping/Be Pinged
Hi Experts!
A couple of days ago, during a windows update, our TMG 2010 server froze trying to install service pack 1. So we aborted the install (and in Windows updates it shows as "failed"). At the same time, we lost all connectivity to the internet.
Having reset a number of things, even to the point of re-entering the static routes, we still cannot get TMG to play on the network.
The TMG server sits in it's own IP range, and in it's own VLAN. It is a physical server, with an NIC for the internal network, and a NIC for the external network (which connects into a CISCO router provided by Virgin Media).
The network consists of a number of VLANS (10 for servers, 50,51,52 for the 3 floors of the building, 100 for the border LAN). Whilst I can ping the TMG server from the VLAN 50 for example, I cannot ping it from VLAN 10. The TMG server cannot ping any IP address either.
We've not changed any configuration of the VLANs, so I am at a loss to understand why all of a sudden TMG has gone wayward. More to the point, how to fix it.
Any ideas?
Thanks
A couple of days ago, during a windows update, our TMG 2010 server froze trying to install service pack 1. So we aborted the install (and in Windows updates it shows as "failed"). At the same time, we lost all connectivity to the internet.
Having reset a number of things, even to the point of re-entering the static routes, we still cannot get TMG to play on the network.
The TMG server sits in it's own IP range, and in it's own VLAN. It is a physical server, with an NIC for the internal network, and a NIC for the external network (which connects into a CISCO router provided by Virgin Media).
The network consists of a number of VLANS (10 for servers, 50,51,52 for the 3 floors of the building, 100 for the border LAN). Whilst I can ping the TMG server from the VLAN 50 for example, I cannot ping it from VLAN 10. The TMG server cannot ping any IP address either.
We've not changed any configuration of the VLANs, so I am at a loss to understand why all of a sudden TMG has gone wayward. More to the point, how to fix it.
Any ideas?
Thanks
After adding static routes, have you added the sinners to the relevant networks? They might all be being treated as external?
Are your network policies configure correctly for route/NAT etc?
What do the logs tell you?
Are your network policies configure correctly for route/NAT etc?
What do the logs tell you?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Issue was due to incomplete processing of the TMG 2010 SP1
External facing NIC - Default Gateway, no DnS
Internal Facing NIC - no default gateway, no DNS, different Subnet to the External NIC
Depending on the Subnet configuration of the rest of your network a static route will be needed. these routes must be attached to the specific interface for the internal network
i.e.
route add 1.1.1.0 mask 255.255.255.0 1.1.1.1 if 12 -p
once this is setup you'll need to check the network sets in TMG
the internal network needs to contain all of the internal network subnets excluding the external NIC
if you have checked through this then use the TMG logging tool to check and see whats happens to the ping when you send it