locked
UAG cannot access RDP RRS feed

  • Question

  • Hi

     

    I have UAG with one leg on my LAN and another leg in a DMZ.

    I want to be able to provide access through UAG to additional servers that are not strictly LAN based.

    Lan 10.1.0.0

    DMZ 192.168.10.0

    Seperate Network (DMZ) 192.168.102.0

     

    I Added a route to my UAG machine to the 192.168.102 network and when I check the TMG logging I find.

     

    Denied Connection UAG01 1/26/2011 5:45:45 PM

    Log type: Firewall service

    Status: A packet generated on the local host was rejected because its source IP address is assigned to one network adapter and its destination IP address is reachable through another network adapter. 

    Rule: None - see Result Code

    Source: Local Host (10.111.1.1:34553)

    Destination: Internal (192.168.102.36:3389)

    Protocol: PublishingRule::Tcp3389

    I checked my routing table and I cannot find a reason why TMG thinks 192.168.102.x is actually on my external interface 192.168.10.x

    IPV4 Routing table is below

     

     

    C:\windows\system32>route print

    ===========================================================================

    Interface List

      17...00 ff 08 01 19 47 ......SSL Network Tunneling

      14...00 26 55 86 b0 df ......HP NC362i Integrated DP Gigabit Server Adapter #2

      13...02 bf c0 a8 0a 20 ......HP NC362i Integrated DP Gigabit Server Adapter

      1...........................Software Loopback Interface 1

      15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

    ===========================================================================

     

    IPv4 Route Table

    ===========================================================================

    Active Routes:

    Network Destination        Netmask          Gateway       Interface  Metric

              0.0.0.0          0.0.0.0    192.168.10.60    192.168.10.33     21

             10.1.0.0      255.255.0.0     10.111.1.250       10.111.1.1     11

            10.50.0.0      255.255.0.0     10.111.1.250       10.111.1.1     11

           10.111.1.0    255.255.255.0         On-link        10.111.1.1    266

           10.111.1.1  255.255.255.255         On-link        10.111.1.1    266

         10.111.1.255  255.255.255.255         On-link        10.111.1.1    266

            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

         192.168.10.0    255.255.255.0         On-link     192.168.10.33    276

        192.168.10.32  255.255.255.255         On-link     192.168.10.33    276

        192.168.10.33  255.255.255.255         On-link     192.168.10.33    276

       192.168.10.255  255.255.255.255         On-link     192.168.10.33    276

        192.168.102.0    255.255.255.0         On-link        10.111.1.1     11

      192.168.102.255  255.255.255.255         On-link        10.111.1.1    266

            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

            224.0.0.0        240.0.0.0         On-link        10.111.1.1    266

            224.0.0.0        240.0.0.0         On-link     192.168.10.33    276

      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      255.255.255.255  255.255.255.255         On-link        10.111.1.1    266

      255.255.255.255  255.255.255.255         On-link     192.168.10.33    276

    ===========================================================================

    Persistent Routes:

      Network Address          Netmask  Gateway Address  Metric

             10.1.0.0      255.255.0.0     10.111.1.250       1

            10.50.0.0      255.255.0.0     10.111.1.250       1

              0.0.0.0          0.0.0.0    192.168.10.60       1

    ===========================================================================

     

    Any help would be appreciated..

     

    Regards,

     

     

    Wednesday, January 26, 2011 6:27 PM

Answers

All replies