Tuesday, August 23, 2011

TMG 2010 SETUP NIC CARD CONFIGURATION

If you are setting up TMG and want to align your deployment with the Microsoft recommended and supported approach, each TMG NIC must belong to a different network (this pertains to the two-NIC scenario).

According to Microsoft, if both NICs sit on the same network you will cause routing issues; this and many other useful tips are discussed in the KB article below:

http://technet.microsoft.com/en-us/library/cc302678.aspx#NetworkAndRoutingIssues

TIP: Build the server with a single NIC and join the TMG server to the domain using that NIC. Once the server is in the domain, rename this NIC "Internal" and make sure you do not specify a DGW (default gateway) on it.

The layout for each NIC is shown below. Remember the following short list before you install.

  • Each TMG server has two NIC cards (disable one and join the server to the domain using the other NIC; use domain integration, otherwise it is a lot of headache IMO, a DMZ type of domain).
  • After successfully joining the domain, rename that same NIC "Internal" and remove the gateway.
  • Enable the second NIC, name it "External" and configure IP, subnet mask and DGW on the External NIC.
  • The Internal NIC depends on the static route table for network routing, so you will need to use the route add command, as shown below, to add these static routes.
  • Since the Internal NIC has no DGW defined, the only way for TMG to reach other networks through the Internal network's gateway is to tell it how with a persistent static route.

route add 172.26.5.10 mask 255.255.255.255 172.26.7.97 -p

Mask 255.255.255.255 means: if traffic is destined for this single IP, 172.26.5.10, use this gateway, 172.26.7.97.

  • As you can see, this defines a route to one IP, not an entire network. If you want to open an entire network for routing you have to use a CIDR subnet mask, for instance:

route add 172.26.5.0 mask 255.255.255.0 172.26.7.97 -p

Mask 255.255.255.0 means: TCP/IP traffic destined for this network, 172.26.5.0, uses this gateway, 172.26.7.97. (The destination must be the network address, 172.26.5.0, not a host address within it; route add rejects a destination that does not match the mask.)

  • Now we have a route to the entire network 172.26.5.0, so for any valid IP within this network TMG knows which gateway to use, 172.26.7.97 in this case.
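To show why the /24 route matters, here is an added example (not from the original post) that models the two-NIC route table and does the same longest-prefix lookup Windows performs. The Internal next hop 172.26.7.97 and the 172.26.5.0/24 network come from the post; the External default gateway 203.0.113.1 is an assumed placeholder. With only the /32 host route in place, traffic to any other host on 172.26.5.0/24 falls through to the External NIC's default gateway instead of staying on the Internal side.

```python
import ipaddress

# Constructed example values: the Internal next hop 172.26.7.97 is from the post;
# the External default gateway 203.0.113.1 is an assumed placeholder.
INTERNAL_GW = "172.26.7.97"
EXTERNAL_GW = "203.0.113.1"

# Route table entries as (destination, mask, gateway), exactly as typed to route add.
DEFAULT_ROUTE = ("0.0.0.0", "0.0.0.0", EXTERNAL_GW)          # only on the External NIC
HOST_ROUTE = ("172.26.5.10", "255.255.255.255", INTERNAL_GW)  # the post's first command
NET_ROUTE = ("172.26.5.0", "255.255.255.0", INTERNAL_GW)      # the post's second command


def valid_route(dest, mask):
    """route.exe rejects a destination that is not the network address for its mask
    (e.g. 172.26.5.10 with 255.255.255.0); reproduce that sanity check here."""
    net = ipaddress.IPv4Network(f"{dest}/{mask}", strict=False)
    return net.network_address == ipaddress.IPv4Address(dest)


def choose_gateway(routes, dst):
    """Longest-prefix match over the table: the most specific route containing dst
    wins. With no matching route at all the packet is undeliverable (None)."""
    dst = ipaddress.IPv4Address(dst)
    best = None
    for dest, mask, gw in routes:
        if not valid_route(dest, mask):
            raise ValueError(f"route add would reject {dest} mask {mask}")
        net = ipaddress.IPv4Network(f"{dest}/{mask}")
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None


if __name__ == "__main__":
    # Host route only: a neighbour of 172.26.5.10 leaves via the External NIC.
    print(choose_gateway([DEFAULT_ROUTE, HOST_ROUTE], "172.26.5.11"))  # 203.0.113.1
    # Network route: the whole 172.26.5.0/24 stays on the Internal side.
    print(choose_gateway([DEFAULT_ROUTE, NET_ROUTE], "172.26.5.11"))   # 172.26.7.97
```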


Respectfully,
Oz Casey, Dedeal ( MVP north America)
MCITP (EMA), MCITP (SA)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)

2 comments:

VA's RHD Hachi Roku said...

In Server 2008 it's recommended to use netsh rather than route add.

http://blogs.technet.com/b/timmcmic/archive/2009/04/26/windows-2008-multi-subnet-clusters-and-using-static-routes.aspx

Oz Casey Dedeal said...

Thanks for the reminder, I know Tim recommends using netsh, but route add works fine as well (-: