Answered TMG IP Virtualization (static NAT)

  • Monday, September 03, 2012 10:55 AM

    Hi all.

    I have TMG 2010 with 2 IPs:

    1)89.*.*.25   --- This one is a real IP where my ISP provides me with 8 on the same subnet

    2)192.168.4.254  --- default gateway for users

    Some users need RDP access to my main server (192.168.4.99) over the internet, so they have added another NIC on the main server coming from the modem with IP (89.*.*.26). I want to remove this NIC and let my TMG redirect IP (89.*.*.26) to (192.168.4.99) when users connect over RDP.

    I have added a secondary real IP to my TMG and added a network NAT rule from the main server to the real IP, and still nothing works. I have also installed IP Binder and still have not been able to make it work. When I RDP to my secondary real IP on TMG, it always takes me to TMG, where I want to be on my main server.

    BTW, I have done this on a Fortigate firewall, where it's called IP virtualization.

    Thanks for your help.

All Replies

  • Monday, September 03, 2012 2:51 PM
    Moderator

    You need to create a server publishing rule that listens on the external network (89.*.*.26) and sends connections to 192.168.4.99 and limit this to the 'RDP (Terminal Services) Server' protocol.

    http://www.isaserver.org/tutorials/tmg-back-basics-part1.html

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk


  • Tuesday, September 04, 2012 7:23 AM

    Hey JJ, thanks for your reply! I added an external network with range (89.*.*.26-89.*.*.26) and created the server publishing rule to listen on that IP with "to" IP 192.168.4.99 and protocol RDP Server. But it's still not working. I have DSL, btw. I think my TMG can't figure out my provided real IP range. Should I add this real IP, 89.*.*.26, as a secondary IP to TMGSERVER 89.*.*.25 and make it send connections? Or is there something wrong with my modem?
  • Tuesday, September 04, 2012 11:53 AM

    Should there be any NAT rules or route rules? NAT is enabled on my modem, btw.

  • Tuesday, September 04, 2012 12:04 PM
    Moderator

    Delete any custom networks you have created, they are not needed.

    You just need to add .26 as an additional IP address on your external-facing NIC that is connected to the DSL network.

    When you define the server publishing rule, select the default External Network object and then choose the specific .26 to listen on.

    The default relationships between External and Internal should be sufficient for what you are doing...

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

  • Tuesday, September 04, 2012 2:12 PM

    Leviathan,

    You are over complicating this buddy. TMG does everything for you! Simply add the ISP addresses that this TMG machine will be responsible for LISTENING for. Example:

    • ISP gives 1.1.1.1 and 1.1.1.2 to contoso.com
    • Contoso.com admin sets up 1.1.1.1 for rdp and 1.1.1.2 for default website
    • Admin goes to the EXTERNAL NIC on the TMG machine, "Change adapter settings", selects IPv4 or 6 (whichever you're using), goes to Advanced, and adds 1.1.1.1 and 1.1.1.2.
    • Now, open TMG and create your rules: "New Non-Web Publishing Rule"

    Server IP: 192.168.4.99

    Protocol: RDP Server

    From Listener: Select "External" then click "Address" at the bottom. Select the specific Address 1.1.1.1

    Finish

    Apply

    Now, to RDP to the server you specified, simply open Remote Desktop and type in the external ISP address... in my example case, 1.1.1.1.

    Note: This is the same answer Jason gave you... I just walked through the steps.
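Scripted form of the "add the ISP addresses to the external NIC" step from the reply above, plus the check that would have caught the thread's root cause. This is an added example, not from the thread or from Microsoft; it uses netsh because TMG 2010 runs on Windows Server 2008 R2, and the adapter name, subnet mask and the 1.1.1.x addresses are assumptions taken from the example in the reply.

```powershell
# Added example (not from the thread). Run on the TMG host as an administrator.
$ExternalAdapter = 'External'               # assumed name of the ISP-facing NIC
$SubnetMask      = '255.255.255.248'        # assumed /29 (the ISP hands out 8 addresses)
$ListenerIPs     = @('1.1.1.1', '1.1.1.2')  # example addresses from the reply above

function Test-AddressBound([string]$Adapter, [string]$Ip) {
    # netsh prints every address bound to the adapter; look for an exact match
    $out = netsh interface ipv4 show addresses name="$Adapter"
    return [bool]($out -match ('\b' + [regex]::Escape($Ip) + '\b'))
}

# 1. Bind each public listener address as an additional address on the external NIC
foreach ($ip in $ListenerIPs) {
    if (Test-AddressBound $ExternalAdapter $ip) {
        Write-Host "$ip is already bound to $ExternalAdapter"
        continue
    }
    netsh interface ipv4 add address name="$ExternalAdapter" address=$ip mask=$SubnetMask
    if ($LASTEXITCODE -ne 0) { throw "netsh failed to add $ip to $ExternalAdapter" }
}

# 2. Verify before building the publishing rule: TMG only offers addresses that are
#    actually bound to a NIC in its External network, so a missing binding means the
#    address will not appear under "Listener > Addresses" in the rule wizard.
foreach ($ip in $ListenerIPs) {
    if (-not (Test-AddressBound $ExternalAdapter $ip)) {
        throw "$ip is not bound to $ExternalAdapter; the rule cannot listen on it"
    }
}
Write-Host "Listener addresses bound; select them under External > Addresses in the rule."

# 3. Root cause in this thread was a second NIC on the published server (192.168.4.99).
#    Run this part on that server: a published host must have exactly one default route,
#    pointing at TMG, or replies leave via the other NIC and the session never completes.
function Get-DefaultRouteCount {
    $routes = route print -4 0.0.0.0 | Select-String '^\s*0\.0\.0\.0\s+0\.0\.0\.0\s'
    return @($routes).Count
}
$count = Get-DefaultRouteCount
if ($count -ne 1) {
    Write-Warning "Expected one default route on the published server, found $count"
}
```

The same NIC list and route table can be read from the GUI, but the script is repeatable when the ISP block or the published server changes.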

  • Wednesday, September 05, 2012 1:50 PM
     Answered
    Hey guys, it worked, thanks a lot!! My problem was that I had a second adapter linked to the server, which was misleading my publishing rule to take me to TMG. I tried to redirect to another PC and it worked! Thanks a lot!!
  • Wednesday, September 05, 2012 1:54 PM

    It worked, thanks a lot!! My problem was that my second NIC was used by another network, which misled the TMG publishing rule. I tried it on a client PC and it worked. Thanks a lot!!