TMG as Reverse Proxy unpingable/can't RDP

  • Question

  • I have been trying to set up TMG as a reverse proxy for Lync Mobility. It has been quite a pain. Originally when I installed TMG I had a single adapter setup and I was unable to ping the box or remote to it, but it seemed to be working externally and I was able to ping the external DNS name we are using for mobility.

    I have since switched to a dual adapter setup, one external, one internal. Now the external adapter is having the same issue, it won't ping. So now when I try to ping the mobility website it does nothing. Why does TMG act like this? Is there a way to stop it? I have been following various guides for using TMG as a reverse proxy for Lync and I haven't seen any mention of this problem or what might be causing it.

    Tuesday, June 5, 2012 3:02 PM

Answers

  • Hi,

    Thank you for the post.

    Once you have installed TMG server on a box, traffic such as ping and RDP is denied by the default rule; you have to create a firewall rule to allow the traffic.

    Regards,


    Nick Gu - MSFT

    Thursday, June 7, 2012 1:50 AM
    Moderator

All replies

  • Hi,

    You want to be able to ping the internal Lync Server from the Internet?
    To reach internal non-web-based resources you have to use non-web server publishing rules if the network relationship between the External and Internal network is NAT, but you cannot publish Ping (ICMP).
    If you want to RDP to the Lync Server you have to create an RDP Server publishing rule.


    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de

    Tuesday, June 5, 2012 8:04 PM
  • I don't really understand your reply, possibly because you don't understand my issue.

    I have a VM. I had it originally with a single NIC. When I brought the VM up it behaved normally. I was able to ping it and remote to it. When I installed TMG on this same VM, I was no longer able to ping it or remote to it. I am installing TMG ONLY as a reverse proxy for Lync Mobility.

    With the single NIC setup, I was able to ping my external Lync Mobility site. However I had other issues that seemed to be keeping it from working.

    I had a suggestion from a peer, who is a network admin and Lync expert, to try a two NIC internal/external TMG setup.

    I added a new NIC and connected it straight to our Comcast gateway and gave this new NIC an unused public IP we have. Everything works fine with this public IP when it is tied to a machine without TMG. BUT in the same way the single NIC would not ping internally, neither NIC will ping now that I have TMG set up on the VM. So now I cannot ping my external Lync Mobility site. Now my Lync Mobility client hangs when I try to connect instead of giving me a certificate error or server error which I was getting before with the single NIC.

    So. Why is it that in the articles I have read that walk you through mobility set up (all of which use TMG for reverse proxy) NONE of them mention this issue????

    What am I missing? Why does TMG just shut down requests coming in to it by default? In my configuration I basically turned off everything so it shouldn't be messing with this stuff.

    Wednesday, June 6, 2012 8:51 PM