LTLnetworker | IT networks, security, Cisco

Archive for February, 2013

Unreachable network behind TMG

Posted by ltlnetworker on February 3, 2013

I was asked to troubleshoot Active Directory DC synchronization network issues. Two DCs are behind TMG, the third is in an ASA DMZ, so the path is:

DC0 — ASA — TMG — DC73

The TMG performs no NAT for these networks so it’s plain routing. TMG has a default gateway set to ASA and ASA has a static route pointing to TMG’s outside address.

Connectivity was completely broken (no ping, AD sync fail). On the ASA we could see half-open TCP connections:

Posted in ASA, Cisco