locked
UAG DirectAccess behind TMG ? RRS feed

  • Question

  • My problem is the same as the other ones here on the forum only that i know what to do but it still doesn't work.

    I have set up a Frontend TMG and then set the Network rules to Route External to Internal. Set up access rules for inbound and outbound for the ports 443, 3544 and 41 from external to internal. It still doesn't work.

    I have tried setting the Network rules to Route from External to the UAG Server ip 1.1.1.2 and 1.1.1.3 but no luck. I have tried setting the access rules to the UAG Server ip as well but nothing there either.

    I am not very good with TMG so it might be that i am missing something. Please help me solve this.                                                             Been at it a few days now searching for a guide but can't find any =/

    Thursday, April 21, 2011 2:40 PM

Answers

  • A general troubleshooting technique would be to setup the publishing rules, and if they don't work, start the TMG monitoring console, and see where the traffic is arrested. You may see it being blocked by some rule on the TMG (in which case, you may need to seek help on a TMG forum), or you might see it going through and hitting the UAG. On the UAG, you can also launch the TMG console, and use the same tool to see if traffic is reaching the server or not.
    Ben Ari
    Microsoft CSS UAG/IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Monday, May 9, 2011 11:46 PM
    Monday, May 9, 2011 11:46 PM

All replies

  • Out of interest, why are you putting UAG behind TMG when UAG is already running TMG?

    Have you tried using server publishing rules?

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Thursday, April 21, 2011 11:16 PM
  • Hmm, didnt get an email that i got a reply, weird.

    Yepp tried publishing the server but no connection either. A little more info on how to publish them would be nice. Like should i publish both ip-addresses or should i only publish the primary 1.1.1.2 and then set up some rules for the 1.1.1.3 ?

    Anything else ?

    Tuesday, April 26, 2011 8:28 AM
  • A general troubleshooting technique would be to setup the publishing rules, and if they don't work, start the TMG monitoring console, and see where the traffic is arrested. You may see it being blocked by some rule on the TMG (in which case, you may need to seek help on a TMG forum), or you might see it going through and hitting the UAG. On the UAG, you can also launch the TMG console, and use the same tool to see if traffic is reaching the server or not.
    Ben Ari
    Microsoft CSS UAG/IAG Support
    Sammamish, WA
    • Marked as answer by Erez Benari Monday, May 9, 2011 11:46 PM
    Monday, May 9, 2011 11:46 PM