Hi Guys,
So far we have had a single ISA 2006 server (running on 2003 Std.) on our network, which is publishing our Exchange OWA 2010 & ActiveSync, SharePoint sites and so on. This works perfectly; however, for security purposes and for a unique server landscape, we now wanted to install a new TMG 2010 server on Server 2008 R2.
We already tried this change two years ago, and it ended with us not being able to use the new TMG because not all of our public IPs on the external NIC were reachable from the internet (outside the network). So we thought it was a bug, waited, and have now made a second attempt, even with all the new service packs and hotfixes released in the meantime... and, what shall I say, it still doesn't work.
What we did: We first installed the new 2008 R2 server while our old ISA 2006 was still in service. No problem so far; the configuration (similar to ISA 2006) worked well, and even the import of the old ISA 2006 configuration was no problem. Only the IP addresses of the external NIC were of course not the same as those used on the still-active ISA 2006, because both servers are located in the same network and connected to the same router. We used some IPs that were still free within the same range:
The network's address is aaa.bbb.ccc.80, the gateway (router) address is aaa.bbb.ccc.81, the ISA is hosting addresses aaa.bbb.ccc.82 to aaa.bbb.ccc.90, and the new TMG is initially (updating, testing purposes, etc.) hosting aaa.bbb.ccc.91 - aaa.bbb.ccc.94 (network mask is 255.255.255.240) - at least both are using different ranges within the same network. Up to this point everything on the TMG worked fine - internet access, published SharePoint test sites, PINGs, etc.
On the day we wanted to switch to the new TMG, we shut down the ISA and added the remaining ISA addresses to the TMG's external network card. We set the right NAT IP for external communication, but only a few of the new addresses were reachable from the internet. From the TMG itself or within the internal network, access to all published sites was no problem. But only one listener on the newly added addresses was working (and responding to pings) from the internet, while the rest were neither reachable nor pingable.
What we tried:
- disabling & re-enabling NICs, restarting the server & services, reconfiguring the listeners with other public IPs from the external NIC, ...
- logging of access to the published sites (no access had been recognised)
We are quite desperate with this issue because, if you believe the search engines, nobody on the whole web seems to have this problem, but we are able to reproduce it again and again :-/
Any ideas on this issue? We ran out of them...
Thanks in advance!