DSL ROUTER & FOREFRONT
-
4 March 2012 19:56
Hi Guys
I hope everyone is well. I really need some help on this, I hope you guys can help.
Here is the scenario:
I have a Windows Server 2008 R2 machine with 3 NICs. I installed Hyper-V on this server and Forefront TMG. I correctly managed to add 2 of the 3 network cards to the TMG.
The Network runs in the 192.168.0.1 to 192.168.0.254 Range.
DHCP is enabled on the primary Windows server with a scope of 192.168.0.30-60.
The DSL Router is statically set to 192.168.0.1
The Primary server is 192.168.0.2
Before installing TMG I statically set the IP addresses of the two NICs in Hyper-V and named them "Internal" and "External".
These are the settings of the two NICs:
Internal (Static): Only IP: 192.168.0.200 and Subnet and DNS: 192.168.0.2 is set
External (Static): Only IP: 192.168.0.205 and Subnet and Default Gateway: 192.168.0.1 is set.
The Internal NIC is connected to the Switch. The External NIC is connected to the DSL router.
On successfully installing TMG and completing the installation wizards, as well as adding DNS to the list of firewall policies for all domain users ("DNS access for Internal to external"), the TMG gateway application still indicates on the task bar a little exclamation mark indicating no internet access.
I have tried figuring this out, but I am really struggling. I have a feeling that because the external NIC connected to the DSL router only has a Default gateway entered under the IP4 setting and no DNS entry this could be the error?
Furthermore, I have spent over 5 days trying to figure out why the TMG indicates a no internet access error.
The main server on which the Hyper-V is hosted has internet access; it has the DSL router's IP address in the Default gateway and Secondary DNS fields.
Whereas the External NIC on TMG only has the Default gateway set and no DNS. Apparently this is the setting MS require.
Could the DNS be the error or is there more?
If you guys can help out I would be forever thankful.
Thanks so much
- Edited by Pegasus007 4 March 2012 20:01
All replies
-
5 March 2012 17:28
Hi,
Please check these links,
http://technet.microsoft.com/en-us/library/cc891502.aspx
http://www.msserverpro.com/view/181
I hope this will help you.
Thanks,
Best Regards, ----Naresh Man Maharjan,Nepal---- www.msserverpro.com
-
5 March 2012 18:33
Hi,
You cannot use the same IP address range / subnet on the Internal and External interfaces of the TMG Server. They must be different.
regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
- Marked as answer by Nick Gu - MSFT, Microsoft, Moderator, 9 March 2012 4:47
-
5 March 2012 21:06
Hello,
I would agree with Marc.
Note also that incoming traffic which is supposed to come from another interface will be considered as IP spoofing.
This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
Microsoft Student Partner 2010 / 2011
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows 7, Configuring
Microsoft Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer
- Marked as answer by Nick Gu - MSFT, Microsoft, Moderator, 9 March 2012 4:47
-
5 March 2012 22:52
Hi Marc, I am so thankful for your help. I have attached 2 JPEGs of my current set-up. As you very kindly indicated, it is incorrect.
Note the internal and external adapter settings. Also note that the "no internet connectivity exclamation mark" is indicating on the Hyper-V 2008 TMG Server,
but not on the host machine. Hopefully these JPEGs will give you a 100% understanding of my setup. If so, is your post above still the solution to my endless troubles?
I thank you kindly!
J
-
5 March 2012 22:54
More JPEGs
-
5 March 2012 22:56
Thank you ever so much!
-
9 March 2012 4:46 Moderator
Hi,
Thank you for the post.
Internal ip: 192.168.0.245/24
External ip: 192.168.0.90/24
Just like Marc and Mr X said, you cannot put two NICs on the same subnet.
Regards,
Nick Gu - MSFT
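
The two points made in the replies above (both NICs sit in one subnet, and traffic arriving on the "wrong" interface is treated as spoofed) can be checked mechanically. The Python sketch below is an added example, not part of the thread and not TMG's own logic: it uses the addresses from the moderator's reply, a hypothetical corrected internal address of 10.0.0.1/24, and a simplified per-interface source check with assumed function names.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: the addresses quoted in the moderator's reply.
ORIGINAL = {
    "Internal": "192.168.0.245/24",
    "External": "192.168.0.90/24",
}
# Hypothetical corrected layout: 10.0.0.1/24 is an assumed value, not from the thread.
CORRECTED = {
    "Internal": "10.0.0.1/24",
    "External": "192.168.0.90/24",
}

def overlapping_nics(nics):
    """Return sorted name pairs of interfaces whose subnets overlap."""
    nets = {n: ipaddress.ip_interface(c).network for n, c in nics.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def spoof_verdict(src, arrived_on, nics):
    """Simplified model of a per-interface source address check.

    A source is expected on an interface when it lies in that interface's
    subnet. Addresses in no local subnet are expected only on "External".
    If several interfaces claim the source, the firewall cannot decide
    which side owns it, which is the situation described in the thread.
    """
    addr = ipaddress.ip_address(src)
    owners = [n for n, c in nics.items()
              if addr in ipaddress.ip_interface(c).network]
    if not owners:
        return "ok" if arrived_on == "External" else "spoofed"
    if owners == [arrived_on]:
        return "ok"
    if arrived_on in owners:
        return "ambiguous"
    return "spoofed"

if __name__ == "__main__":
    for label, nics in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(label, "overlaps:", overlapping_nics(nics))
        # 192.168.0.1 is the DSL router from the first post.
        print(label, "router via External:",
              spoof_verdict("192.168.0.1", "External", nics))
```
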
-
12 March 2012 14:34
Hi Nick
I hope you are well. We sat last night till the early hours of the morning trying to get the Forefront to work.
I changed the internal network into a totally different subnet and network range compared to the external.
It is published in the forefront setup guide that only one DNS server should be specified and that is the DNS server for the internal network.
However I think where the problem lies is the following:
When we connect the ADSL router directly to a laptop to isolate the problem, we only have internet connectivity when we specify the ADSL router's IP address in both the Default gateway and DNS fields of the laptop's NIC settings.
This conflicts with the published NIC settings for Forefront, as they indicate that only one DNS server should be entered (this being the Windows domain controller) in the internal network.
It seems we have to enter the router's IP address into the DNS field on the external adapter to get the internet to work; without it there is no internet connectivity.
This will result in two DNS fields being specified: 1 on the internal that points to the server and 1 on the external that points to the router.
I am a bit baffled and any help whatsoever will be greatly appreciated.
Thanks so much
Jason