Cisco Support Community

ASA 5505 with TMG Forefront

I have the following scenario in a branch office:

An ASA 5505 connected to the Core Switch (there is only one in this branch location) and a TMG Forefront Server connected to an ASA inside port.

The external port e0/0 is connected to the ADSL provider.

My ASA is configured as you can see below, but I don't have Internet even in the TMG Forefront. But I can ping external IPs inside ASA. My proxy IP configuration is like this:

TMG IP Config:

IP: 10.100.17.55

Mask: 255.255.255.192

Gw: 10.100.17.1/10.100.17.10

ADSL IP Config(Static):

IP: 189.39.115.158

Mask: 255.255.255.252

Gw: 189.39.115.157

DNS: 10.5.1.1/10.5.1.2

ASA 5505 Config:

name 189.39.115.158 websrv-ext
name 10.100.17.55 websvr-int
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.100.17.10 255.255.255.192
!
interface Vlan2
 nameif outside
 security-level 50
 ip address websrv-ext 255.255.255.252
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 10.5.1.1
 name-server 10.5.1.2
 name-server 10.100.16.24
 name-server 10.100.27.150
 domain-name br.abb.com
access-list 10 extended permit icmp interface inside any
access-list 10 extended permit icmp any interface inside
access-list 20 extended permit udp interface inside interface outside eq domain
access-list 20 extended permit udp interface outside interface inside eq domain
access-list 21 extended permit udp interface inside interface outside eq bootps
access-list 21 extended permit udp interface outside interface inside eq bootps
global (outside) 1 interface
static (inside,outside) interface websvr-int netmask 255.255.255.255 dns
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 189.39.115.157 1

******************************************************************************

Could you please help me, so I can have Internet in TMG Forefront and other stations?

Any help will be appreciated!

1 REPLY

enable
config t
no static (inside,outside) interface websvr-int netmask 255.255.255.255 dns
nat (inside) 1 0 0
no access-group inside_access_in in interface inside
clear xlate
show arp
show route

Value our effort and rate the assistance!
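
Added example, not part of the original thread and not Cisco tooling: a small Python check for the two gaps in the posted configuration that the reply addresses, a `global` pool ID with no `nat` rule using it and an `access-group` naming an ACL that the config never defines. The function names and the abridged sample text are constructed for illustration.

```python
import re

# Constructed sample: the NAT/ACL-related lines of the configuration posted in the question.
POSTED = """\
access-list 10 extended permit icmp interface inside any
access-list 20 extended permit udp interface inside interface outside eq domain
access-list 21 extended permit udp interface inside interface outside eq bootps
global (outside) 1 interface
static (inside,outside) interface websvr-int netmask 255.255.255.255 dns
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 189.39.115.157 1
"""

def lint_asa_config(text):
    """Return sorted findings for global/nat pairing and access-group bindings."""
    acls, pools, nat_ids, bindings = set(), {}, set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("no "):
            continue  # negated commands define nothing
        if m := re.match(r"access-list (\S+) ", line):
            acls.add(m.group(1))
        elif m := re.match(r"global \((\S+)\) (\d+) ", line):
            pools[m.group(2)] = m.group(1)      # pool id -> egress interface
        elif m := re.match(r"nat \((\S+)\) (\d+) ", line):
            nat_ids.add(m.group(2))
        elif m := re.match(r"access-group (\S+) (in|out) interface (\S+)", line):
            bindings.append((m.group(1), m.group(3)))
    findings = []
    for pool_id, ifc in pools.items():
        if pool_id not in nat_ids:
            findings.append(f"global pool {pool_id} on {ifc} has no matching nat rule")
    for acl, ifc in bindings:
        if acl not in acls:
            findings.append(f"access-group on {ifc} references undefined ACL {acl}")
    return sorted(findings)

def apply_reply(text):
    """Apply the reply's edits as text: drop the static and access-group, add the nat rule."""
    kept = [l for l in text.splitlines()
            if not l.startswith(("static (inside,outside)", "access-group inside_access_in"))]
    return "\n".join(kept + ["nat (inside) 1 0 0"]) + "\n"

if __name__ == "__main__":
    for finding in lint_asa_config(POSTED):
        print("before:", finding)
    print("after:", lint_asa_config(apply_reply(POSTED)) or "no findings")
```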
