Discussion:
TMG with multiple external IP
(too old to reply)
andrius.kr
2010-04-17 21:05:04 UTC
Permalink
Hello,

Currently I am planning the installation of my first TMG as VM guest on
Hyper-V. I have to bind three IP's to external network of TMG. One IP for
incoming and outgoing all traffic except the following. Second IP for
incoming and outgoing mail. And the third for outgoing traffic from one
special network.
For now I have added one nic for external network with the main IP
configuration. How about the other two IP's ? How to add them ?
Also in the future will be the need to use ISP redundancy. The second,
standby internet will have one external IP and in event of primary ISP
failure all inbound and outbound traffic will have to go thru the backup
ISP. Will it work correctly, if the primary ISP's connection will have
several external IP and the backup ISP will be with one IP?
Alex Zehnder
2010-10-14 19:40:46 UTC
Permalink
As for the reason you mentioned and others sometimes it makes sense to route the outgoing traffic by an different IP as the default.

To reach that simply do:

1) "Exclude" the computer/server you want to route differently from the INTERNAL TO EXTERNAL (NAT).
FOREFRONT TMG > NETWORKING > RIGHT CLICK INTERNAL TO EXTERNAL > PROPERTIES > SOURCE NETWORKS > EXCEPTIONS ADD ...your SERVER/COMPUTER to be excluded
and APPLY

2) CREATE A NEW NETWORK RULE (EXAMPLE EMAIL TO EXTERNAL)..where EMAIL would be a hint for you that this rule is about the EMAIL_SERVER.
FOREFRONT TMG > NETWORKING > TASKS > CREATE A NETWORK RULE >
- Network Realtionship > NAT
- Source Natworks > put only the SERVER\COMPUTER you want to go out on the different IP
- Destination Networks > External
- NAT Address Selection > Use specific IP ADDRESS > Choose the IP you want
....APPLY and you're done.
Hello,
Currently I am planning the installation of my first TMG as VM guest on
Hyper-V. I have to bind three IP's to external network of TMG. One IP for
incoming and outgoing all traffic except the following. Second IP for
incoming and outgoing mail. And the third for outgoing traffic from one
special network.
For now I have added one nic for external network with the main IP
configuration. How about the other two IP's ? How to add them ?
Also in the future will be the need to use ISP redundancy. The second,
standby internet will have one external IP and in event of primary ISP
failure all inbound and outbound traffic will have to go thru the backup
ISP. Will it work correctly, if the primary ISP's connection will have
several external IP and the backup ISP will be with one IP?
Submitted via EggHeadCafe - Software Developer Portal of Choice
SharePoint WorkFlow Basics
http://www.eggheadcafe.com/tutorials/aspnet/1fa263fb-d7a6-40f5-8875-356f75d9fca9/sharepoint-workflow-basics.aspx
C Parker
2010-11-04 18:53:47 UTC
Permalink
We are a school and are currenly evaluating TMG as a gateway for Staff and Pupils.

We have Internal Network,
and two External Destinations

Basic Diagram

Internal Network

Forefront TMG



External Staff 10.124 External Student 10.99

Now what I need to Do is based to user group ie send them students to the External Student Filtered and send the staff to the unblocked unfiltered IP

any Ideas
Post by andrius.kr
Hello,
Currently I am planning the installation of my first TMG as VM guest on
Hyper-V. I have to bind three IP's to external network of TMG. One IP for
incoming and outgoing all traffic except the following. Second IP for
incoming and outgoing mail. And the third for outgoing traffic from one
special network.
For now I have added one nic for external network with the main IP
configuration. How about the other two IP's ? How to add them ?
Also in the future will be the need to use ISP redundancy. The second,
standby internet will have one external IP and in event of primary ISP
failure all inbound and outbound traffic will have to go thru the backup
ISP. Will it work correctly, if the primary ISP's connection will have
several external IP and the backup ISP will be with one IP?
Post by Alex Zehnder
As for the reason you mentioned and others sometimes it makes sense to route the outgoing traffic by an different IP as the default.
1) "Exclude" the computer/server you want to route differently from the INTERNAL TO EXTERNAL (NAT).
FOREFRONT TMG > NETWORKING > RIGHT CLICK INTERNAL TO EXTERNAL > PROPERTIES > SOURCE NETWORKS > EXCEPTIONS ADD ...your SERVER/COMPUTER to be excluded
and APPLY
2) CREATE A NEW NETWORK RULE (EXAMPLE EMAIL TO EXTERNAL)..where EMAIL would be a hint for you that this rule is about the EMAIL_SERVER.
FOREFRONT TMG > NETWORKING > TASKS > CREATE A NETWORK RULE >
- Network Realtionship > NAT
- Source Natworks > put only the SERVER\COMPUTER you want to go out on the different IP
- Destination Networks > External
- NAT Address Selection > Use specific IP ADDRESS > Choose the IP you want
....APPLY and you're done.
Submitted via EggHeadCafe - Software Developer Portal of Choice
Using the ASP.NET CustomValidator Control
http://www.eggheadcafe.com/tutorials/aspnet/e622d48f-2787-4906-b97f-1ef8037a688f/using-the-aspnet-customvalidator-control.aspx
Loading...