TMG and Static Route

  • Question

  • Hi,

    I have a TMG with three NICs and three networks:
    Internal_1= 192.168.1.0/24
    Internal_2= 192.168.100.0/24
    External = The Internet


    Network rules:
    Internal_1 to External = NAT
    Internal_2 to External  = NAT
    Internal_1 to Internal_2 = Route


    It works OK.

     

    Now, I need to add a router on the Internal_1 network.
    This router manages a new network (VLAN) 10.0.0.0/8 and its IP on the internal_1 network is 192.168.1.9

    I have done several things in TMG:
    -Add a Network Internal_3: range 10.0.0.0-10.255.255.255
    -Add a Network rule: Internal_1 to Internal_3 = Route
    -Add a network topology rule: network:10.0.0.0, mask 255.0.0.0, Gateway: 192.168.1.9, metric: 256
    -Allow traffic between the internal_1 network and internal_3

    When simulating the traffic between the internal_1 network and internal_3, the result is satisfactory, but when doing a ping from the internal_1 network to internal_3, I get the error FWX_E_UNREACHABLE_ADDRESS

    Can someone help me?
    Thank you

    Thursday, November 11, 2010 9:27

Answers

  • If you are adding the router to Internal_1 such that the network will be accessible to TMG via the Internal_1 NIC, you do not need to configure networks or network rules. You simply need to add the 10.0.0.0/8 to the address range to the tab of the Internal_1 network object and then define the routing rule to provide the gateway address for the 10.0.0.0/8 network.

    You only need to create new networks and network rules when adding new NICs to the TMG server itself... this may be worth a read: http://www.isaserver.org/tutorials/Advanced-ISA-Firewall-Configuration-Network-Behind-Network-Scenarios.html

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    • Proposed as answer by Nick Gu - MSFT, Moderator, Wednesday, November 17, 2010 4:10
    • Marked as answer by pagudo, Thursday, November 18, 2010 18:06
    Monday, November 15, 2010 16:45
    Moderator
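
The rule in the answer above, written as a small consistency check: a subnet reached through a router on Internal_1 has to sit in the address ranges of the Internal_1 network object. This is an added example, not code from the thread or from TMG; the function names and the dictionary model of network objects are assumptions, and the addresses are the ones given in the question.

```python
import ipaddress

def _ranges(pairs):
    return [(ipaddress.ip_address(a), ipaddress.ip_address(b)) for a, b in pairs]

def network_of(networks, ip):
    """Name of the network object whose address ranges contain ip, else None."""
    for name, pairs in networks.items():
        if any(lo <= ip <= hi for lo, hi in _ranges(pairs)):
            return name
    return None

def check_routes(networks, routes):
    """Flag static routes whose destination is not inside the network object
    that holds the route's gateway (the NIC the traffic arrives on)."""
    findings = []
    for dest, gateway in routes:
        net = ipaddress.ip_network(dest)
        gw_net = network_of(networks, ipaddress.ip_address(gateway))
        if gw_net is None:
            findings.append((dest, "gateway is in no defined network"))
            continue
        # Simplification: a single range of the gateway's network must cover the subnet.
        covered = any(lo <= net[0] and net[-1] <= hi
                      for lo, hi in _ranges(networks[gw_net]))
        if not covered:
            owner = network_of(networks, net[0]) or "no network"
            findings.append((dest, f"reached via {gw_net} but defined in {owner}"))
    return findings

# Static route from the question: 10.0.0.0/8 via the router at 192.168.1.9.
ROUTES = [("10.0.0.0/8", "192.168.1.9")]

# Network objects as the question describes them (separate Internal_3).
AS_POSTED = {
    "Internal_1": [("192.168.1.0", "192.168.1.255")],
    "Internal_2": [("192.168.100.0", "192.168.100.255")],
    "Internal_3": [("10.0.0.0", "10.255.255.255")],
}

# Network objects as the answer recommends (10.0.0.0/8 added to Internal_1).
AS_ANSWERED = {
    "Internal_1": [("192.168.1.0", "192.168.1.255"), ("10.0.0.0", "10.255.255.255")],
    "Internal_2": [("192.168.100.0", "192.168.100.255")],
}

if __name__ == "__main__":
    print(check_routes(AS_POSTED, ROUTES))
    print(check_routes(AS_ANSWERED, ROUTES))
```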

All replies

  • Hi,

    You also have to create a route from internal3 to internal1 so that packets from Internal1 to Internal3 find the way back!


    regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.nt-faq.de
    Thursday, November 11, 2010 9:34
  • Hi,

    I've tried and it does not work.

    Any other ideas?

     

    Monday, November 15, 2010 12:56
  • Please provide the output from an ipconfig /all on the TMG server please
    Keith Alabaster - MVP/Forum Moderator
    Monday, November 15, 2010 22:03
    Moderator