  1. #1
    rjm
    Join Date
    Jun 2008
    Location
    South Yorkshire
    Posts
    24
    Thank Post
    3
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    TMG 2010 web publishing with two Internet Connections

    Hi guys,

    I'm after a bit more advice. Our TMG server has two internet connections that are in Failover Only mode on the ISP Redundancy tab.

    My issue is we cannot access a published web server when both connections are active. When the 2nd redundant connection is disabled it works instantly. I also have Exchange 2007 OWA published through the same TMG server, but access to this works regardless of the 2nd connection being active. Now the external IP address for the site in question is linked to the Primary network connection, as is the OWA, so I can't understand why having the 2nd redundant connection active would cause the published site not to work.

    I have compared both access rules for OWA and the published site and they are the same, other than the details of the server they are hosted on, and their relative host names etc.

    One last thing, when I remove the gateway address from the 2nd redundant connection, it works instantly, so it appears the request comes in using the external IP through the primary internet connection, but then tries to reply and go out on the 2nd redundant connection, causing it to time out.

    Any ideas would be greatly appreciated.

    Cheers

    Rich

  2. #2

    SYNACK
    Join Date
    Oct 2007
    Posts
    11,143
    Thank Post
    863
    Thanked 2,695 Times in 2,285 Posts
    Blog Entries
    9
    Rep Power
    772
    Split DNS inside? You may need to look at your DNS and your routing/interface costs

  3. #3
    rjm
    Hi mate,

    Thanks for your reply. In our Domain DNS I have a "Host A" entry for mail. which runs the OWA, and one for webserver. Also, both names are registered with our domain name provider so resolved on the internet to the relevant external IP addresses. I am looking at Routing in TMG but that seems to be static and just picks up addresses from the NICs in the TMG server.

    Thanks for your help.

  4. #4

    SYNACK
    Each interface has a cost specified in the advanced IP options; it depends on the binding order of the interfaces and the cost/metric of the interface as to which route is chosen. You need to make sure that the TMG is using the internal DNS server so that the address that the TMG uses is the internal one. You could/should check that TMG rules point to the site directly via internal IP rather than using DNS anyway.

  5. #5
    rjm
    Where can I find the cost? I have looked in the advanced options in network connections, and verified the primary internet connection is above the backup secondary connection, which it is. Both internet connections use the ISP DNS servers relevant to that connection. The internal LAN NIC on the TMG server points to our internal DNS servers, which have both mail. and webserver. entries specified. The TMG rule specified the site name and IP address, and when I run the "Test Rule" I get success and green ticks.

  6. #6

    SYNACK
    Originally posted by rjm:
    "Both internet connections use the ISP DNS servers relevant to that connection. The internal LAN nic on the TMG server points to our internal DNS servers, which have both mail. and webserver. entries specified."

    External NICs should not have DNS entries from the ISPs; this should be handled by forwarders on your internal DNS. All DNS should point internally.

    The cost/metric is specified under the IPv4 advanced settings under each connection in Windows network adapter management. Usually this is set to automatic metric. Lower metrics indicate preferred routes.

  7. #7
    rjm
    Both external connections and the internal LAN connection are all set to automatic metric. Should I change this? I still can't get my head around why mail. works regardless of the secondary connection, but webserver. doesn't... How can I set the forwarders in DNS when both connections are from different ISPs and therefore use different DNS servers from each other? Thanks for your help with this!

  8. #8

    SYNACK
    DNS servers should be accessible from another ISP anyway. Go into the DNS server properties and add the fastest DNS server first and then the others afterwards in the forwarders list.

    The metric on your external interfaces should probably be identical but you may want to push them up to 4 or 5 so that the internal connection always takes precedence. It should do this anyway but it may help. I think that getting DNS sorted on the TMG will help too. If it still does not work, try making the metric on the primary one lower than the secondary.

  9. #9
    rjm
    Hi mate, I have changed the DNS entries on both connections to point to our two internal DNS servers. Both internal servers have the external DNS servers for our ISP listed. I have also changed the metrics in both connections, making the primary connection lower than the secondary redundant connection. The LAN is still priority though. After both of these changes, I'm still getting the same issue. Mail. works but webserver. doesn't. Disable the redundant connection and webserver. works instantly. I really have no idea what is causing it...
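
Added example, not part of the thread: a simplified Python model of the reply-path check rjm describes in post #1, using the rule SYNACK states in post #6 (among equally specific routes, the lowest metric wins). The `route print` rows and all addresses are constructed sample data, the function names are hypothetical, and TMG's own ISP Redundancy handling is not modelled.

```python
import ipaddress

# Constructed sample of the "Active Routes" rows from `route print` on a
# gateway with two external NICs (documentation addresses, not from the thread).
SAMPLE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      203.0.113.1     203.0.113.10     20
          0.0.0.0          0.0.0.0     198.51.100.1    198.51.100.10     10
         10.0.0.0        255.0.0.0         On-link         10.0.0.1    266
"""

def parse_routes(text):
    """Return (network, gateway, interface_ip, metric) for each route row."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # header or unrelated line
        dest, mask, gateway, iface, metric = parts
        network = ipaddress.ip_network(f"{dest}/{mask}")
        routes.append((network, gateway, iface, int(metric)))
    return routes

def best_route(routes, client_ip):
    """Longest prefix match first, then lowest metric."""
    addr = ipaddress.ip_address(client_ip)
    matches = [r for r in routes if addr in r[0]]
    return min(matches, key=lambda r: (-r[0].prefixlen, r[3]), default=None)

def reply_path(routes, listener_ip, client_ip):
    """Compare the IP a request arrived on with the interface the reply uses."""
    route = best_route(routes, client_ip)
    if route is None:
        return ("no route", None)
    status = "symmetric" if route[2] == listener_ip else "asymmetric"
    return (status, route[2])

if __name__ == "__main__":
    table = parse_routes(SAMPLE)
    # Request arrives on the primary external IP from an Internet client.
    print(reply_path(table, "203.0.113.10", "192.0.2.50"))
    # Same request after removing the secondary connection's default gateway.
    trimmed = [r for r in table if r[1] != "198.51.100.1"]
    print(reply_path(trimmed, "203.0.113.10", "192.0.2.50"))
```

Feeding the real `route print` rows from the gateway into `parse_routes` shows which default route a reply would take for a given listener IP.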
