DSL ROUTER & FOREFRONT

    Question

  • Hi Guys

    I hope everyone is well. I really need some help on this, I hope you guys can help.

    Here is the scenario:

    I have a Windows Server 2008 R2 machine with 3 NICs. I installed Hyper-V on this server and Forefront TMG. I correctly managed to add 2 of the 3 network cards to the TMG.

    The network runs in the 192.168.0.1 to 192.168.0.254 range.

    DHCP is enabled on the primary Windows Server with a scope of 192.168.0.30-60.

    The DSL router is statically set to 192.168.0.1.

    The primary server is 192.168.0.2.

    Before installing TMG I statically set the IP address of the two NICs in Hyper-V and named them "Internal" and "External".

    These are the settings of the two NICs:

    Internal (Static): Only IP: 192.168.0.200 and Subnet and DNS: 192.168.0.2 are set.

    External (Static): Only IP: 192.168.0.205 and Subnet and Default Gateway: 192.168.0.1 are set.

    The Internal NIC is connected to the Switch. The External NIC is connected to the DSL router.

    After successfully installing TMG and completing the installation wizards, as well as adding DNS to the list of firewall policies for all domain users ("DNS access for Internal to External"), the TMG gateway application still shows a little exclamation mark on the taskbar indicating no internet access.

    I have tried figuring this out, but I am really struggling. I have a feeling that because the External NIC connected to the DSL router only has a default gateway entered under the IPv4 settings and no DNS entry, this could be the error?

    Furthermore, I have spent over 5 days trying to figure out why the TMG indicates a no internet access error.

    The main server on which Hyper-V is hosted has internet access. It has the DSL router's IP address in the Default Gateway and Secondary DNS fields.

    Whereas the External NIC on TMG only has the default gateway set and no DNS. Apparently this is the setting MS requires.

    Could the DNS be the error or is there more?

    If you guys can help out I would be forever thankful.

    Thanks so much



    • Edited by Pegasus007 4 March 2555 BE 20:01
    4 March 2555 BE 19:56

Answers

  • Hi,

    You cannot use the same IP address range / subnet on the Internal and External interface of the TMG Server. They must be different.


    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de

    5 March 2555 BE 18:33
  • Hello,

    I would agree with Marc.

    Note also that incoming traffic which is supposed to come from another interface will be considered as IP spoofing.



    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator
    Microsoft Certified Trainer

    5 March 2555 BE 21:06
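
The two points made in the answers above (both NICs in one subnet, and traffic arriving on the "wrong" interface being treated as spoofed) can be checked offline with the following added example, which is not part of the original thread and is not TMG's own logic. The /24 mask, the 10.0.0.0/24 replacement subnet and the function names are assumptions made for illustration.

```python
import ipaddress

# Addresses come from the question. The /24 prefix is an assumption: the post
# gives the range 192.168.0.1-254 but never states the subnet mask.
AS_POSTED = {
    "Internal": ipaddress.ip_interface("192.168.0.200/24"),
    "External": ipaddress.ip_interface("192.168.0.205/24"),
}
# Constructed alternative: External moved to a made-up, separate subnet.
SEPARATED = {
    "Internal": ipaddress.ip_interface("192.168.0.200/24"),
    "External": ipaddress.ip_interface("10.0.0.2/24"),
}

def overlapping_nics(nics):
    """Return sorted name pairs of NICs whose connected subnets overlap."""
    names = sorted(nics)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nics[a].network.overlaps(nics[b].network)]

def classify(nics, arrival_nic, source_ip, default_nic="External"):
    """Simplified per-interface source check (a model, not TMG's own logic).

    A source address must arrive on the one NIC whose subnet contains it;
    addresses in no connected subnet are expected on the default-route NIC.
    """
    ip = ipaddress.ip_address(source_ip)
    owners = [name for name, iface in nics.items() if ip in iface.network]
    if len(owners) > 1:
        return "ambiguous"  # two NICs claim the same range
    expected = owners[0] if owners else default_nic
    return "ok" if arrival_nic == expected else "spoofed"

if __name__ == "__main__":
    for label, nics in (("as posted", AS_POSTED), ("separated", SEPARATED)):
        print(label, "overlaps:", overlapping_nics(nics))
        for nic, src in (("External", "192.168.0.1"), ("External", "10.0.0.1"),
                         ("External", "192.168.0.50"), ("Internal", "192.168.0.50")):
            print(f"  {src} arriving on {nic}: {classify(nics, nic, src)}")
```

With the addresses as posted, the DSL router's address belongs to both NICs' subnets, so the model cannot tell which interface it should arrive on; once the subnets differ, an internal source address showing up on the External NIC is flagged.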
