Monday, September 03, 2012 10:55 AM
I have TMG 2010 with 2 IPs
1) 89.*.*.25 --- This one is a real IP where my ISP provides me with 8 on the same subnet
2) 192.168.4.254 --- default gateway for users
Some users need RDP access to my main server (192.168.4.99) over the internet, so they have added another NIC on the main server coming from the modem with IP (89.*.*.26). I want to remove this NIC and let my TMG redirect IP (89.*.*.26) to (192.168.4.99) when users connect over RDP.
I have added a secondary real IP to my TMG and added a network NAT rule from main server to real IP. And still nothing works. I have also installed IP Binder and still have not been able to make it work. When I RDP to my secondary real IP on TMG, it always takes me to TMG, where I want to be on my main server.
BTW I have done this on fortigate firewall where it's called IP virtualization
Thanks for your help.
Monday, September 03, 2012 2:51 PM, Moderator
You need to create a server publishing rule that listens on the external network (89.*.*.26) and sends connections to 192.168.4.99 and limit this to the 'RDP (Terminal Services) Server' protocol.
- Edited by Jason Jones [MSFT], Microsoft Employee, Moderator, Monday, September 03, 2012 2:53 PM
Tuesday, September 04, 2012 7:23 AM
Hey JJ, thanks for your reply! I added an external network with range (89.*.*.26-89.*.*.26) and created the server publishing rule to listen on that IP with "to" IP 192.168.4.99 and protocol RDP Server. But it's still not working. I have DSL btw. I think my TMG can't figure out my provided real IP range. Should I add this real IP 89.*.*.26 as a secondary IP to TMGSERVER 89.*.*.25, and make it send connections? Or is there something wrong with my modem?
Tuesday, September 04, 2012 11:53 AM
Should there be any NAT rules? or ROUTE Rules? NAT is enabled on my modem btw.
Tuesday, September 04, 2012 12:04 PM, Moderator
Delete any custom networks you have created, they are not needed.
You just need to add .26 as an additional IP address on your external-facing NIC that is connected to the DSL network.
When you define the server publishing rule, select the default External Network object and then choose the specific .26 to listen on.
The default relationships between External and Internal should be sufficient for what you are doing...
Tuesday, September 04, 2012 2:12 PM
You are over complicating this buddy. TMG does everything for you! Simply add the ISP addresses that this TMG machine will be responsible for LISTENING for. Example:
- ISP gives 18.104.22.168 and 22.214.171.124 to contoso.com
- Contoso.com admin sets up 126.96.36.199 for rdp and 188.8.131.52 for default website
- Admin goes to the EXTERNAL NIC on the TMG machine, "change adapter settings", select IPv4 or 6 whichever you're using, Go to Advance, and add 184.108.40.206 and 220.127.116.11.
- Now, open TMG and create your rules "New Non-Web Publishing Rule"
Server IP: 192.168.4.99
Protocol: RDP Server
From Listener: Select "External" then click "Address" at the bottom. Select the specific Address 18.104.22.168
Now to RDP to the server you specified, simply open Remote Desktop and type in the external ISP address... in my example case 22.214.171.124
Note: This is the same answer Jason gave you...I just walked the steps
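The steps above, scripted for the TMG host as an added example (not code from any poster in this thread): a reachability pre-check against the published server, adding the additional public address to the external NIC with netsh as the GUI "Advanced" dialog does, and a listing of what the TMG host itself binds on 3389, which is where a connection to .26 lands when no publishing rule matches. The interface name "External", the /29 mask and the placeholder address 198.51.100.26 (standing in for 89.*.*.26) are assumptions; the publishing rule itself is still created in the TMG console.

```powershell
# Added example, not from the thread. Assumed names/values are marked below.
$ExternalNic  = "External"          # assumed name of the DSL-facing adapter
$PublicRdpIp  = "198.51.100.26"     # placeholder for the real 89.*.*.26
$SubnetMask   = "255.255.255.248"   # assumed /29 (8 ISP addresses, per the question)
$InternalHost = "192.168.4.99"      # published RDP server from the thread
$RdpPort      = 3389

function Test-TcpPort([string]$TargetHost, [int]$Port, [int]$TimeoutMs = 3000) {
    # Plain TCP connect test; works on Server 2008 R2 where Test-NetConnection is absent.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($TargetHost, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false } finally { $client.Close() }
}

# 1. A server publishing rule can only forward to a host TMG itself can reach.
if (-not (Test-TcpPort $InternalHost $RdpPort)) {
    throw "TMG cannot reach ${InternalHost}:${RdpPort}; fix the server's NIC/route first."
}

# 2. Add .26 as an additional address on the external NIC (idempotent).
$current = (netsh interface ipv4 show addresses name="$ExternalNic") -join "`n"
if ($current -notmatch [regex]::Escape($PublicRdpIp)) {
    netsh interface ipv4 add address name="$ExternalNic" address=$PublicRdpIp mask=$SubnetMask
}
(netsh interface ipv4 show addresses name="$ExternalNic") | Select-String $PublicRdpIp

# 3. Show what this host binds on 3389. A 0.0.0.0:3389 entry is the TMG host's own
#    Remote Desktop; without a matching publishing rule for .26, that is what answers.
netstat -ano -p tcp | Select-String ":$RdpPort\s+.*LISTENING"
```

Run it in an elevated PowerShell on the TMG server, then create the non-web publishing rule listening on .26 and test RDP to .26 from outside.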
Wednesday, September 05, 2012 1:50 PM
Hey guys, it worked, thanks a lot!! My problem was that I had a second adapter linked to the server which was misleading my publishing rule to take me to TMG. I tried to redirect to another PC and it worked! Thanks a lot!!
- Marked As Answer by Nick Gu - MSFT, Microsoft Contingent Staff, Moderator, Monday, September 10, 2012 1:49 AM
Wednesday, September 05, 2012 1:54 PM
It worked, thanks a lot!! My problem was that my second NIC was used by another network which misled the TMG publishing rule. I tried it on a client PC and it worked. Thanks a lot!!