Tuesday, August 23, 2011


If you are setting up TMG and want to align your deployment with the MS recommended and supported way, each TMG NIC needs to belong to a different network (this pertains to the two-NIC scenario).

According to MS, if you have both NICs sitting on the same network you will cause routing issues; this and many other useful tips are discussed in the KB below…..


TIP: Build the server with a single NIC and add the TMG server to the domain using that NIC. Once the server is added to the domain, rename this NIC "Internal" and make sure you do not specify a DGW (default gateway) on it.

The layout for each NIC is shown below. Remember the following short list before install.

  • Each TMG server has two NIC cards (disable one and add the server into the domain using the other NIC; use domain integration, otherwise a DMZ type of domain is lots of headache IMO).
  • After successfully joining the domain, rename the same NIC "Internal" and take out the gateway.
  • Enable the second NIC, name it "External", and configure IP, SM (subnet mask) and DGW on the External NIC.
  • The Internal NIC depends on the static route table for network routing, so you will need to use the route add command, as shown below, to include these static routes.
  • Since the Internal NIC has no DGW defined, the only way out of its network is to tell TMG how to reach that network's gateway with a persistent static route:

route add mask -p

Mask meaning: if traffic is destined for this IP=, use this DGW=

  • As you can see, this defines a route to one IP, not an entire network; if you want to open an entire network for routing you have to use a CIDR subnet mask, for instance:

route add mask -p

Mask meaning: TCP/IP traffic destined for this network=, use this DGW=

  • Now we have a route to the entire network=, so for any valid IP that falls within this network TMG will know which DGW to use= in this case.
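The whole checklist above, as an added PowerShell example (not from the original post): it verifies that the NIC named "Internal" carries no default gateway, that "External" carries exactly one, that the two NICs sit on different IP networks, and then adds persistent static routes through the internal gateway with route.exe. The NIC names come from the post; every IP address, mask and gateway below is a constructed placeholder, and the subnet list is an assumed layout to replace with your own.

```powershell
# Added example (not from the original post). Verifies the two-NIC TMG layout and
# adds persistent static routes for the internal subnets. Run elevated on the TMG host.
# All addresses below are constructed placeholders.

$InternalNicName = "Internal"    # NIC that joined the domain; must have NO default gateway
$ExternalNicName = "External"    # NIC that carries the one default gateway (DGW)

$InternalGateway = "10.0.1.254"  # constructed: router on the Internal NIC's segment
$InternalSubnets = @(
    @{ Network = "10.0.2.0";  Mask = "255.255.255.0"   },   # whole /24 network
    @{ Network = "10.0.3.0";  Mask = "255.255.255.0"   },
    @{ Network = "10.0.9.17"; Mask = "255.255.255.255" }    # a single host: /32 mask
)

function Get-NicConfig([string]$ConnectionName) {
    # Win32_NetworkAdapter holds the friendly connection name ("Internal"/"External");
    # Win32_NetworkAdapterConfiguration holds IP, subnet and gateway. They join on Index.
    $adapter = Get-WmiObject Win32_NetworkAdapter |
        Where-Object { $_.NetConnectionID -eq $ConnectionName }
    if ($adapter -eq $null) { throw "NIC '$ConnectionName' not found; rename the connection first." }
    Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object { $_.Index -eq $adapter.Index }
}

function Get-NetworkAddress([string]$Ip, [string]$Mask) {
    # Bitwise AND of address and mask, octet by octet, gives the network address.
    $ipBytes   = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    $maskBytes = [System.Net.IPAddress]::Parse($Mask).GetAddressBytes()
    $net = @()
    for ($i = 0; $i -lt 4; $i++) { $net += ($ipBytes[$i] -band $maskBytes[$i]) }
    return ($net -join ".")
}

function Get-IPv4Network($Config) {
    # IPAddress and IPSubnet are parallel arrays; pick the first IPv4 entry.
    for ($i = 0; $i -lt $Config.IPAddress.Count; $i++) {
        if ($Config.IPAddress[$i] -match '^\d+\.\d+\.\d+\.\d+$') {
            return Get-NetworkAddress $Config.IPAddress[$i] $Config.IPSubnet[$i]
        }
    }
    throw "No IPv4 address configured on adapter index $($Config.Index)"
}

$internal = Get-NicConfig $InternalNicName
$external = Get-NicConfig $ExternalNicName

# Check 1: the Internal NIC must have no default gateway at all.
if ($internal.DefaultIPGateway) {
    throw "Internal NIC has a default gateway ($($internal.DefaultIPGateway -join ',')); remove it."
}
# Check 2: the External NIC must carry exactly one default gateway.
if (-not $external.DefaultIPGateway -or $external.DefaultIPGateway.Count -ne 1) {
    throw "External NIC must have exactly one default gateway."
}
# Check 3: the two NICs must sit on different IP networks.
$intNet = Get-IPv4Network $internal
$extNet = Get-IPv4Network $external
if ($intNet -eq $extNet) {
    throw "Internal and External NICs are both on network $intNet; they must be on different networks."
}
Write-Host "Layout OK: Internal on $intNet (no DGW), External on $extNet (DGW $($external.DefaultIPGateway[0]))"

# Add one persistent route per internal subnet via the internal-segment gateway.
# -p makes the route survive reboots (the persistent route the post refers to).
foreach ($s in $InternalSubnets) {
    & route.exe -p add $s.Network mask $s.Mask $InternalGateway
}

# Show the resulting IPv4 table, including the "Persistent Routes" section.
& route.exe print -4
```

The script reads the adapters through WMI so it works on the Windows Server 2008 R2 / PowerShell 2.0 hosts TMG runs on. It puts -p before add, which is the documented position for route.exe; the post's form with -p at the end works too. A host route (one IP) uses mask 255.255.255.255, while a whole network uses the CIDR-equivalent mask such as 255.255.255.0, which is the distinction the two route add lines above make.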


Oz Casey, Dedeal ( MVP north America)
MCSE 2003, M+, S+, MCDST
Security+, Project +, Server +
http://smtp25.blogspot.com/ (Blog)
http://telnet25.wordpress.com/ (Blog)


VA's RHD Hachi Roku said...

Server 2008, it's recommended to use netsh rather than route add.


Oz Casey Dedeal said...

Thanks for the reminder, I know Tim recommends using netsh, but route add works fine as well (-: