LTLnetworker | IT networks, security, Cisco

Archive for February, 2013

Unreachable network behind TMG

Posted by LTLnetworker on February 3, 2013


I was asked to troubleshoot network issues affecting Active Directory DC synchronization. Two DCs are behind the TMG and the third is in an ASA DMZ, so the path is:

                  DC0 — ASA — TMG — DC73

Subnets:
                  10.0.0.0/24 — ASA — 10.0.203.0/24 — TMG — 10.0.73.0/24

The TMG performs no NAT for these networks, so it’s plain routing. The TMG’s default gateway is the ASA, and the ASA has a static route pointing to the TMG’s outside address, 10.0.203.100.

Connectivity was completely broken (no ping, AD sync failing). On the ASA we could see half-open TCP connections:
Read the rest of this entry »

Posted in ASA, Cisco