
TMG NLB breaks Radius auth (drops UDP fragments?)

Hi,

I have a TMG cluster with 3 legs - External, Internal1, Internal2

On Internal1 I have all clients and servers

On Internal2 I put my Fortigate 80C used for the wireless network. I use Radius for auth. Radius server is on a Windows server in Internal1 network.

Everything works fine, but as soon as I start NLB for the 2nd TMG cluster the RADIUS auth fails. Everything else works. If you are already authenticated for wireless, internet and everything works for you.

For Internal1 I have to use unicast. For External I use multicast NLB and it works great. For Internal2 I tried unicast/multicast, no difference. I even configured the multicast MAC and IP on the Cisco switch between TMG and Fortigate.

What I find strange is that everything works with 1 TMG node (one or the other) but as soon as I start NLB service on the second one Radius auth will timeout.

Looking at the network packets it seems that TMG drops the UDP fragments for RADIUS.

I have the Block IP fragments disabled.

Any idea?

Does TMG NLB have trouble with NLB and UDP traffic?

Thanks a lot!

