
TMG 2010 - 2 Web Listeners - 2 IPs - OWA + ActiveSync - Where am I going wrong?

Ok, I've tried everything I can think of and just not getting this right.

I have 2 external IP addresses on the external firewall NAT'd to the two NICs on the TMG server. Let's call them 80.x.x.1 and 80.x.x.2, which NAT to 10.x.x.1 and 10.x.x.2.

These, in turn, will reverse proxy to our Exchange 2010 CAS on 172.x.x.1.

ActiveSync needs to be non-authenticated; it's authenticated directly between a client device such as an iPhone/Android and the Exchange CAS.

OWA, however, will need to authenticate via RSA/SecurID.

So, I set up external DNS so that owa.xxxx.com resolves to 80.x.x.1 and activesync.xxxx.com resolves to 80.x.x.2.

So far so good.

I then create a rule "OWA" with listener "Listener-OWA" with a SAN certificate and that rule works fine.

I create an "ActiveSync" rule with a "Listener-ActiveSync" but get an overlap message...

My networks in TMG are configured with "Internal" containing 10.x.x.1 - 10.x.x.10 and "Internal 2" containing 10.x.x.11 - 10.x.x.255.

However, none of these work unless I also add the private range for 172 addresses. BUT, I can only add the 172 range which incorporates the Exchange 2010 CAS to "Internal" or "Internal 2".

What it boils down to is that I can have one rule working but not both.

Where am I going wrong?

