ASA 5505 with TMG Forefront

mrodryguez
Level 1

I have the following scenario in a branch office:

An ASA 5505 connected to the core switch (there is only one in this branch location) and a TMG Forefront server connected to an ASA inside port.

The external port e0/0 is connected to the ADSL provider.

My ASA is configured as you can see below, but I don't have Internet even in the TMG Forefront. But I can ping external IPs inside ASA. My proxy IP configuration is like this:

TMG IP Config:

IP: 10.100.17.55

Mask: 255.255.255.192

Gw: 10.100.17.1/10.100.17.10

ADSL IP Config(Static):

IP: 189.39.115.158

Mask: 255.255.255.252

Gw: 189.39.115.157

DNS: 10.5.1.1/10.5.1.2

ASA 5505 Config:

name 189.39.115.158 websrv-ext
name 10.100.17.55 websvr-int
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.100.17.10 255.255.255.192
!
interface Vlan2
 nameif outside
 security-level 50
 ip address websrv-ext 255.255.255.252
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 10.5.1.1
 name-server 10.5.1.2
 name-server 10.100.16.24
 name-server 10.100.27.150
 domain-name br.abb.com
access-list 10 extended permit icmp interface inside any
access-list 10 extended permit icmp any interface inside
access-list 20 extended permit udp interface inside interface outside eq domain
access-list 20 extended permit udp interface outside interface inside eq domain
access-list 21 extended permit udp interface inside interface outside eq bootps
access-list 21 extended permit udp interface outside interface inside eq bootps
global (outside) 1 interface
static (inside,outside) interface websvr-int netmask 255.255.255.255 dns
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 189.39.115.157 1

******************************************************************************

Could you please help me, so I can have Internet in TMG Forefront and other stations?

Any help will be appreciated!

1 Reply

jumora
Level 7

enable
config t
no static (inside,outside) interface websvr-int netmask 255.255.255.255 dns
nat (inside) 1 0 0
no access-group inside_access_in in interface inside
clear xlate
show arp
show route

Value our effort and rate the assistance!
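
An added example, not part of either post and not Cisco tooling: a Python consistency check over pre-8.3 ASA configuration text. It flags a global pool with no nat rule of the same ID and an access-group that names an ACL not defined in the pasted text. The function name lint and the AFTER_REPLY sample are constructed here; POSTED is copied from the question.

```python
# Added example: consistency check for pre-8.3 ASA nat/global and ACL bindings.

# Lines copied from the configuration posted in the question.
POSTED = """\
access-list 10 extended permit icmp interface inside any
access-list 10 extended permit icmp any interface inside
access-list 20 extended permit udp interface inside interface outside eq domain
access-list 21 extended permit udp interface inside interface outside eq bootps
global (outside) 1 interface
static (inside,outside) interface websvr-int netmask 255.255.255.255 dns
access-group inside_access_in in interface inside
"""

# Constructed: the same lines after the reply's commands have been entered.
AFTER_REPLY = """\
access-list 10 extended permit icmp interface inside any
access-list 10 extended permit icmp any interface inside
access-list 20 extended permit udp interface inside interface outside eq domain
access-list 21 extended permit udp interface inside interface outside eq bootps
global (outside) 1 interface
nat (inside) 1 0 0
"""


def lint(config):
    """Return findings about unpaired NAT IDs and undefined ACL bindings."""
    global_ids, nat_ids, acls, bindings = set(), set(), set(), []
    for line in config.splitlines():
        tok = line.split()
        if len(tok) >= 3 and tok[0] == "global":
            global_ids.add(tok[2])             # global (if) <id> ...
        elif len(tok) >= 3 and tok[0] == "nat":
            nat_ids.add(tok[2])                # nat (if) <id> ...
        elif len(tok) >= 2 and tok[0] == "access-list":
            acls.add(tok[1])
        elif len(tok) >= 5 and tok[0] == "access-group":
            bindings.append((tok[1], tok[4]))  # (ACL name, interface)
    findings = [f"global pool {i} has no nat rule with the same ID"
                for i in sorted(global_ids - nat_ids)]
    # nat ID 0 bypasses translation and never has a global pool, so skip it.
    findings += [f"nat ID {i} has no global pool with the same ID"
                 for i in sorted(nat_ids - global_ids - {"0"})]
    findings += [f"access-group on {iface} references undefined ACL {name}"
                 for name, iface in bindings if name not in acls]
    return findings


if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("after reply", AFTER_REPLY)):
        print(label, lint(cfg) or "no findings")
```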
