Route - Internal IP to External IP

Hi,

Is it possible to route traffic between an internal IP and an external IP that's not bound to the external interface?

We have a video conferencing system that we just cannot get to work through TMG, that allows 'screen presentation' from a PC, so the PC screen is embedded in the video stream.

If we put the video conferencing system directly on the public internet (with one of our public IPs) it works absolutely flawlessly.  However, because the internal PC is then on a different network to the video conferencing screen presentation now no longer works, because the 2 can't talk to each other.

http://i.imgur.com/7nAizG0.png

Thanks

March 4th, 2015 10:07am

Hello

tip:

create new network with external ip and create network rule with routing between two network, and create firewall policy, and try, if not work check routing tab in tmg.

Free Windows Admin Tool Kit Click here and download it now
March 4th, 2015 10:36am

Thanks.  I'll give it a go.

Just to confirm, in the network rule which is source and which is destination.  Same for the firewall policy.

March 4th, 2015 11:47am

If your TMG is multihomed then the relationship between Internal and External is NAT by default. You can create a separate Network rule that will define a "route" relationship.

In the TMG MMC, Network branch, click on the Network Rules tab. On the far right there will be an option to "Create a Network Rule".  Create a new one where client computer object is the Source and your video conferencing system is the Destination and the network relationship is "Route".

You will also need to go into your Firewall Policies and create an Access Rule to allow whatever type of traffic is needed. Again, you can narrow down the Source and Destinations to just the machines in question.

In order for this to work properly, your client machine will need to be using TMG as its default gateway.

Try that and let me know.

Free Windows Admin Tool Kit Click here and download it now
March 4th, 2015 2:55pm

Network rule start with client as Source and server as Destination.

In the access rule put client and server in both Source and Destination.

March 4th, 2015 4:26pm

No, we're just in front-end firewall mode, but the client machine does have TMG as the default gateway.
Free Windows Admin Tool Kit Click here and download it now
March 5th, 2015 7:45am

Can't get this working:

New external network: 62.7.81.xxx
New network rule: Route, Source = internal PC (10.0.1.xxx), Destination = new network (62.7.81.xxx)
New policy: Allow, HTTP/HTTPS/PING, From = internal PC and new network, Destination = internal PC and new network, All Users

Logging:

Log type: <id id="L_LogPane_FirewallService">Firewall service</id>
<id id="L_LogPane_Status">Status: </id>A packet was dropped because its destination IP address is unreachable.
<id id="L_LogPane_Rule">Rule: </id>None - see Result Code
<id id="L_LogPane_Source">Source: </id>Internal (10.0.1.xxx:2048)
<id id="L_LogPane_Destination">Destination: </id>Video Conferencing (62.7.81.xxx)
<id id="L_LogPane_Protocol">Protocol: </id>PING

?

March 11th, 2015 12:18pm

Hello

check tmg routing, and chek router log

Free Windows Admin Tool Kit Click here and download it now
March 12th, 2015 1:54am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics