Wrong source IP when accessing internet directly from TMG server

Posted by jarod1701 on Server Fault See other posts from Server Fault or by jarod1701
Published on 2010-04-22T13:26:41Z Indexed on 2010/04/22 13:33 UTC
Read the original article Hit count: 346

Filed under:

threat-management-gateway

|

ip

Hi everyone,

after implementing a ForeFront TMG server I'm facing only one problem:

After I added a second IP to the external adapter I had to manually set "NAT Address Selection" inside the network rule "Internet Access" to the first IP since all others would get blocked by the CISCO firewall.

This configuration works as long as traffic comes from the internal network (e.g. browser on clients). Traffic from the TMG directed to the internet always carries the second IP as it's source address and gets blocked.

All our other TMGs/ISAs are running fine and I never came across this problem-

Does anybody have a clue, coz I don't?!

Kevin

© Server Fault or respective owner

Related posts about threat-management-gateway

Is it possible to configure TMG to impersonate a domain user for anonymous requests to a website?

as seen on Server Fault - Search for 'Server Fault'
I would like to configure Forefront Threat Management Gateway (formerly ISA server) to impersonate a specific domain user for any anonymous request to a particular listener. For example, for any anonymous request to http://www.mycompany.com, I would like to serve up http://myinternal as though MYDOMAIN/GuestAccount… >>> More
Redundancy and Automated failover using Forefront TMG 2010 Standard between Production-DR site ?

as seen on Server Fault - Search for 'Server Fault'
Hi, I'm using MS TMG 2010 Standard as my single firewall to publish my Exchange Server and IIS website to the internet, however it is just one VM in the DMZ network with just one network card (vNIC), what sort of redundancy method that is suitable for making this firewall VM redundant / automatically… >>> More
Always failed in connecting to the Outlook Anywhere through TMG 2010 with certificate ?

as seen on Server Fault - Search for 'Server Fault'
Hi, I have successfully published Exchange Activesync using TMG 2010 and OWA internally only but somehow when I tried to publish the Outlook Anywhere it failed ( as can be seen from the https://www.testexchangeconnectivity.com ) Settings: IIS 7 settings, I have unchecked the require SSL and "Ignore"… >>> More
Wrong source IP when accessing internet directly from TMG server

as seen on Server Fault - Search for 'Server Fault'
Hi everyone, after implementing a ForeFront TMG server I'm facing only one problem: After I added a second IP to the external adapter I had to manually set "NAT Address Selection" inside the network rule "Internet Access" to the first IP since all others would get blocked by the CISCO firewall. This… >>> More
IIS Reverse Proxy support for multiple protocols

as seen on Super User - Search for 'Super User'
I have a server 2012 machine running IIS. It's in my DMZ and I would like to use it to do reverse proxy for several services. I can get it to route traffic on port 80 to 2 separate internal servers running web apps but there are some issues when I try to forward SSH (not port 80/443) and then when… >>> More

Related posts about ip

Getting USB Wifi device to work

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have been trying to get an Olitec Wifi N USB dongle to work. At first it lit up but wouldn't connect. A little Googling suggested that it would need ndiswrapper to make it work. After installing and trying to add driver with ndisgtk, I got the error message FATAL: Module ndiswrapper not found.… >>> More
Cisco 800 series won't forward port

as seen on Server Fault - Search for 'Server Fault'
Hello ServerFault, I am trying to forward port 444 from my cisco router to my Web Server (192.168.0.2). As far as I can tell, my port forwarding is configured correctly, yet no traffic will pass through on port 444. Here is my config: ! version 12.3 service config no service pad service tcp-keepalives-in service… >>> More
Cisco 881 losing NAT NVI translation config after reload

as seen on Server Fault - Search for 'Server Fault'
This is a weird one, so I'll try to explain in as much detail as I can so I'm giving the whole picture. As I've mentioned in my other questions, I'm in the process of setting up a new Cisco 881 as my WAN router and NAT firewall. I'm facing an issue where NAT NVI rules that I have configured are not… >>> More
Bind an ip address to Postfix as outgoing ip

as seen on Server Fault - Search for 'Server Fault'
Is that possible to bind all available public ip addresses on a server to one Postfix instance as its outgoing ip pool and let it choose a random ip or specified ip from the pool each time it sends out an email? If above is not possible, can it be configured to listen on one public ip address per… >>> More
What approach to take for SIMD optimizations

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I am trying to optimize below code for SIMD operations (8way/4way/2way SIMD whiechever possible and if it gives gains in performance) I am tryin to analyze it first on paper to understand the algorithm used. How can i optimize it for SIMD:- void idct(uint8_t *dst, int stride, int16_t *input… >>> More