?
Solved

Cisco ASA and Microsoft TMG Back to Back Issue

Posted on 2014-03-03
6
Medium Priority
?
447 Views
Last Modified: 2014-03-30
Hello Experts,

I have weird issue.

I have a Cisco ASA 5540 with 4 interfaces Outside,Inside, DMZ, TMG ( back to Back).

I have Microsoft TMG with 2 NICs. Internal Interface connected to Inside Switch and External directly connected to ASA TMG interface (Gi0/3).

I have default gateway on external interface pointing to ASA.

We are using TMG only as Web Proxy. Very often I start receiving call from user that cannot browse internet and they receive TMG error page.

When we move to TMG to diagnose the issue, we came to know that TMG cannot ping IP of ASA interface ( Gi0/3- Default of gateway TMG. In order to resolve this issue I have to reboot to the ASA.

Please can someone help to resolve this issue.

Thanks
0
Comment
Question by:cciedreamer
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39902916
Hi Samir,

Can you do some debugging on the ASA?  The logs should be able to give you some clues if you check at around the time the issue started to happen.
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39902951
Hi Sir,

How are you ? Hope all is well.

Any important debug command to start with ?

Thanks
0
 
LVL 46

Accepted Solution

by:
Craig Beck earned 2000 total points
ID: 39903011
I'm good thanks, Samir, hope you are well :-)

I'd just take some traffic logs at the time you stop being able to pass traffic through the ASA.  You might be able to see something being blocked.

Do you have any IDS or IPS running?
0
Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

 
LVL 3

Author Comment

by:cciedreamer
ID: 39903016
Yes  We have IPS and module installed on ASA ?
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39949878
I am just waiting to let issue appear again.

Thanks
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39964837
Thanks Sir,

Issue Resolved. ASA was putting the TMG server into shunned mode

I entered no shun command on ASA

I have no idea why ASA putting TMG server into shun mode.
0

Featured Post

Percona Live Europe 2017 | Sep 25 - 27, 2017

The Percona Live Open Source Database Conference Europe 2017 is the premier event for the diverse and active European open source database community, as well as businesses that develop and use open source database software.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses
Course of the Month14 days, 23 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question