• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Single Public IP Address

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Single Public IP Address Page: [1]
Login
Message << Older Topic   Newer Topic >>
Single Public IP Address - 10.Jan.2013 3:14:15 AM   
johnrthompson

 

Posts: 2
Joined: 10.Jan.2013
Status: offline
Hi,

I hope you can help.

We only have 1 public IP address which is currently being used by our Cisco firewall's external interface. We would like to publish Exchange OWA/OA. At present I cannot NAT HTTPS on the public ip to our TMG box which is installed as a back firewall.

To get around this; my plan is to replace the Cisco firewall with the TMG as the Edge server. This would use the public ip address on the TMG external interface. I would then create a publishing rule for exchange and create DNS entries that direct external users to the single public IP on the TMG? Does this sound feasible or would I still hit the same problem of trying to NAT the external TMG interface? And do I require an additional public IP address as a minimum? As usual I am looking to avoid the heavy cost of another IP address!

All help gratefully appreciated,

John
Post #: 1
RE: Single Public IP Address - 11.Jan.2013 4:06:34 PM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
There is nothing stopping you from doing it as it is now. The Cisco NATs from the External Interface of the Cisco to the External Interface of the ISA/TMG. The ISA/TMG than publishes it from there to the Exchange machine.

_____________________________

Phillip Windell

(in reply to johnrthompson)
Post #: 2
RE: Single Public IP Address - 13.Jan.2013 10:03:53 AM   
johnrthompson

 

Posts: 2
Joined: 10.Jan.2013
Status: offline
Hi Phillip,

Thanks for your response much appreciated.

Firstly I wasn't sure that if the TMG server had two private IP addresses it would actually work. However you are suggesting the Cisco can have the public IP and the TMG can sit behind it and publish when it has private IP's?

In my first attempt to get it working I had developed some configuration from digging around on the internet.

Configure NAT
------------------------------------------------------------
object network Forefront TMG
nat (inside,outside) static interface service tcp https https

Add ACL
------------------------------------------------------------
access-list outside-acl permit tcp any host 'external private IP TMG' eq 443
access-group outside-acl in int outside

However the ACL just dropped the traffic. I struggled with troubleshooting it so any pointers on the configuration would be fantastic.

Thanks

John

(in reply to pwindell)
Post #: 3
RE: Single Public IP Address - 14.Jan.2013 8:43:50 AM   
pwindell

 

Posts: 2244
Joined: 12.Apr.2004
From: Taylorville, IL
Status: offline
If the ISA/TMG has and internal and an external interface (operating as the "back" firewall of a back-to-back DMZ design) then you should be able to get it done. It would have RFC private IPs on both sides of it however they would still be different subnets [networks] from each other and that is all that matters

_____________________________

Phillip Windell

(in reply to johnrthompson)
Post #: 4
RE: Single Public IP Address - 24.Oct.2015 12:27:06 AM   
akashsharma

 

Posts: 2
Joined: 23.Oct.2015
Status: offline
True Phillip Windell and John i have a some different option for you. you can use local server for your work.
I Think this is another option for you..

Thanks

Akash

_____________________________

we are tour operator.
http://www.visittnt.com/rajasthan-travel/
http://www.visittnt.com/rajasthan-travel/rajasthan-tourist-attractions.html
http://www.visittnt.com/jaisalmer-tour/

(in reply to pwindell)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Publishing] >> Exchange Publishing >> Single Public IP Address Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts