Solved

Cisco ASA and Microsoft TMG Back to Back Issue

Posted on 2014-03-03
Last Modified: 2014-03-30
Hello Experts,

I have a weird issue.

I have a Cisco ASA 5540 with 4 interfaces: Outside, Inside, DMZ, and TMG (back to back).

I have a Microsoft TMG with 2 NICs: the internal interface is connected to the Inside switch and the external one is directly connected to the ASA TMG interface (Gi0/3).

I have the default gateway on the external interface pointing to the ASA.

We are using TMG only as a web proxy. Very often I start receiving calls from users who cannot browse the internet and they receive a TMG error page.

When we moved to the TMG to diagnose the issue, we came to know that the TMG cannot ping the IP of the ASA interface (Gi0/3, the default gateway of the TMG). In order to resolve this issue I have to reboot the ASA.

Please can someone help to resolve this issue.

Thanks
Question by:cciedreamer
6 Comments
 
LVL 46

Expert Comment

by:Craig Beck
ID: 39902916
Hi Samir,

Can you do some debugging on the ASA?  The logs should be able to give you some clues if you check at around the time the issue started to happen.
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39902951
Hi Sir,

How are you? Hope all is well.

Any important debug command to start with?

Thanks
0
 
LVL 46

Accepted Solution

by:
Craig Beck earned 500 total points
ID: 39903011
I'm good thanks, Samir, hope you are well :-)

I'd just take some traffic logs at the time you stop being able to pass traffic through the ASA.  You might be able to see something being blocked.

Do you have any IDS or IPS running?
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39903016
Yes, we have IPS and module installed on ASA.
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39949878
I am just waiting for the issue to appear again.

Thanks
0
 
LVL 3

Author Comment

by:cciedreamer
ID: 39964837
Thanks Sir,

Issue resolved. The ASA was putting the TMG server into shunned mode.

I entered the no shun command on the ASA.

I have no idea why the ASA was putting the TMG server into shun mode.
0
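
The log check suggested in the accepted answer, applied to the cause found at the end of the thread, as an added example that is not part of the original posts: it scans ASA syslog text for shun events affecting one host and reports when each shun started and ended and how many packets were dropped meanwhile. It assumes the ASA's shun syslog messages 401002 (added), 401003 (deleted) and 401004 (shunned packet) in the layout shown; the sample lines, the addresses and the function name `shun_report` are constructed for illustration.

```python
import re

# Constructed sample ASA syslog lines; addresses are documentation ranges,
# with 192.0.2.10 standing in for the proxy's external NIC.
SAMPLE_LOG = """\
Mar 03 2014 09:14:02 asa : %ASA-4-401002: Shun added: 192.0.2.10 0.0.0.0 0 0
Mar 03 2014 09:14:05 asa : %ASA-4-401004: Shunned packet: 192.0.2.10 ==> 192.0.2.1 on interface TMG
Mar 03 2014 09:14:06 asa : %ASA-4-401004: Shunned packet: 192.0.2.10 ==> 198.51.100.7 on interface TMG
Mar 03 2014 09:20:00 asa : %ASA-6-302014: Teardown TCP connection 77 for Outside:198.51.100.7/80 to Inside:10.0.0.5/51000
Mar 03 2014 10:02:41 asa : %ASA-4-401003: Shun deleted: 192.0.2.10
Mar 04 2014 16:30:12 asa : %ASA-4-401002: Shun added: 192.0.2.10 0.0.0.0 0 0
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
ADDED = re.compile(r"%ASA-4-401002: Shun added: " + IP)
DELETED = re.compile(r"%ASA-4-401003: Shun deleted: " + IP)
# The separator is matched loosely ("=" or "==>") because renderings differ.
DROPPED = re.compile(r"%ASA-4-401004: Shunned packet: " + IP + r" =+>? " + IP)


def shun_report(log_text, host):
    """Summarise shun activity for one host: episodes, drops, current state."""
    episodes, dropped, open_since = [], 0, None
    for line in log_text.splitlines():
        ts = line[:20]  # "Mon DD YYYY HH:MM:SS" prefix of the constructed format
        if (m := ADDED.search(line)) and m.group(1) == host:
            if open_since is None:          # ignore repeated adds while shunned
                open_since = ts
        elif (m := DELETED.search(line)) and m.group(1) == host:
            if open_since is not None:
                episodes.append((open_since, ts))
                open_since = None
        elif (m := DROPPED.search(line)) and m.group(1) == host:
            dropped += 1
    if open_since is not None:              # shun still in force at end of log
        episodes.append((open_since, None))
    return {"episodes": episodes, "dropped": dropped,
            "active": open_since is not None}


if __name__ == "__main__":
    report = shun_report(SAMPLE_LOG, "192.0.2.10")
    for start, end in report["episodes"]:
        print(f"shunned from {start} until {end or 'still active'}")
    print(f"dropped packets logged: {report['dropped']}")
```

On the ASA itself, `show shun` lists the hosts currently shunned. An episode with no end time corresponds to the state the poster cleared with `no shun`.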

Question has a verified solution.