Solved

Cisco ASA and Microsoft TMG Back to Back Issue

Posted on 2014-03-03
6
417 Views
Last Modified: 2014-03-30
Hello Experts,

I have weird issue.

I have a Cisco ASA 5540 with 4 interfaces Outside,Inside, DMZ, TMG ( back to Back).

I have Microsoft TMG with 2 NICs. Internal Interface connected to Inside Switch and External directly connected to ASA TMG interface (Gi0/3).

I have default gateway on external interface pointing to ASA.

We are using TMG only as Web Proxy. Very often I start receiving call from user that cannot browse internet and they receive TMG error page.

When we move to TMG to diagnose the issue, we came to know that TMG cannot ping IP of ASA interface ( Gi0/3- Default of gateway TMG. In order to resolve this issue I have to reboot to the ASA.

Please can someone help to resolve this issue.

Thanks
0
Comment
Question by:cciedreamer
  • 4
  • 2
6 Comments
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
Hi Samir,

Can you do some debugging on the ASA?  The logs should be able to give you some clues if you check at around the time the issue started to happen.
0
 
LVL 3

Author Comment

by:cciedreamer
Comment Utility
Hi Sir,

How are you ? Hope all is well.

Any important debug command to start with ?

Thanks
0
 
LVL 45

Accepted Solution

by:
Craig Beck earned 500 total points
Comment Utility
I'm good thanks, Samir, hope you are well :-)

I'd just take some traffic logs at the time you stop being able to pass traffic through the ASA.  You might be able to see something being blocked.

Do you have any IDS or IPS running?
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 3

Author Comment

by:cciedreamer
Comment Utility
Yes  We have IPS and module installed on ASA ?
0
 
LVL 3

Author Comment

by:cciedreamer
Comment Utility
I am just waiting to let issue appear again.

Thanks
0
 
LVL 3

Author Comment

by:cciedreamer
Comment Utility
Thanks Sir,

Issue Resolved. ASA was putting the TMG server into shunned mode

I entered no shun command on ASA

I have no idea why ASA putting TMG server into shun mode.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now