We have a UC560 on which I just enabled Unified Messaging. I cannot seem to connect to port 143 (standard IMAP port) from our computers. Here's a quick rundown of the setup:
Our network is on a 192.168.230.x subnet with a Microsoft TMG Server acting as gateway.
UC560 = 192.168.230.15
CUE = 10.1.10.1
TMG = 192.168.230.3
Initially, I added a static route on the TMG server to forward 10.1.10.x to 192.168.230.15. That granted me access to the CUE interface and I can communicate with the CUE web interface from any computer on the network. When I try to Telnet on port 143 from a workstation it won't connect (I get a "A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer" message in TMG when I trace the connection). I am able to Telnet into 143 on 10.1.10.1 from the TMG server, but not from any computers on the network.
Are you able to connect from the CUE or from the VLAN90(10.1.10.2 - ping 192.168.230.x source vlan90) to the PC?
Are you sure the TMG allows this connection?
If you connect a PC directly to the UC and put a static route directly to 10.1.10.0 network is it working?
If it is working directly you have to configure the TMG.
*Please rate helpful posts
If I telnet into the UC560 192.168.230.15:
ping 192.168.230.15 source vlan90 = fail
ping 10.1.10.1 source vlan90 = success
ping 10.1.10.2 source vlan90 = success
TMG is indeed configured to allow the connection.
If I connect a laptop directly into the PC port of the UC560 and assign the following, I can connect to port 143 on 10.1.10.1:
IP = 192.168.230.249
Subnet = 255.255.255.0
Gateway = 192.168.230.15
What should my routes and gateways look like on my UC560 interfaces (192.168.230.15, 10.1.10.1 and 10.1.10.2)?
It appears the routing is correct, but that the TMG is blocking the connection when it is the default gateway. It appears that since the TMG can't see the entire TCP handshake it just drops the connection.
As far as the routes, the gateway for 10.1.10.1 is 10.1.10.2, the network is a /30. The UC at 192.168.230.15 doesn't necessarily need a gateway, but if you wanted to add one you would create a static default route that points to the TMG which will then route the traffic from the UC accordingly.
Here's the output of "sh ip route" for the UC560:
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C 10.1.1.0/24 is directly connected, Vlan100
L 10.1.1.1/32 is directly connected, Vlan100
C 10.1.10.0/30 is directly connected, Vlan90
S 10.1.10.1/32 is directly connected, Vlan90
L 10.1.10.2/32 is directly connected, Vlan90
C 192.168.224.0/21 is directly connected, Vlan1
192.168.230.0/32 is subnetted, 1 subnets
L 192.168.230.15 is directly connected, Vlan1
And here's the output for the CUE module:
DEST GATE MASK IFACE
10.1.10.0 0.0.0.0 255.255.255.252 eth0
0.0.0.0 10.1.10.2 0.0.0.0 eth0
It is not the UC routing which is not correct - as previously said it is TMG blocking. Which is true if everything is ok when you connect the PC with the UC. If your PC is in the 192.168.230.0 network then you may want to try the following:
If you want to route directly without going through the TMG please enter the following command in windows:
route add 10.1.10.0 mask 255.255.255.252 192.168.230.15
This will make the communication to the CUE network directly through the UC without routing through the TMG and it should work. You may add the following to make this permanent route in windows:
route add 10.1.10.0 mask 255.255.255.252 192.168.230.15 -p
If you want to enable it through TMG you should consult with the TMG manual or expert. I assume you have to add a rule which allows this communication through the firewall.
Also I do not see the default gateway on the UC from the output of the show ip route.
*Please rate helpful posts
I'm trying to avoid having to add a route manually to each workstation. I'll see what I can do with TMG. I added a "last resort gateway" pointing to TMG on the UC560, but still no joy.
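The asymmetric path diagnosed in this thread, traced as an added example that is not part of any post: it applies longest-prefix matching to the routing tables quoted above and walks a TCP handshake past a simplified strict stateful firewall (a model, not TMG's actual implementation). Assumptions: the workstation address 192.168.230.50 is constructed, the TMG static route for "10.1.10.x" is taken as a /24, and the UC default route is the "last resort gateway" from the final post.

```python
import ipaddress

# Routing tables as described in the thread ("direct" = destination is on-link).
# Assumptions: workstation 192.168.230.50 is constructed; TMG static route taken as /24.
ROUTES = {
    "WS":  [("192.168.230.0/24", "direct"), ("0.0.0.0/0", "TMG")],
    "TMG": [("192.168.230.0/24", "direct"), ("10.1.10.0/24", "UC")],
    "UC":  [("192.168.224.0/21", "direct"), ("10.1.10.0/30", "direct"), ("0.0.0.0/0", "TMG")],
    "CUE": [("10.1.10.0/30", "direct"), ("0.0.0.0/0", "UC")],
}
HOSTS = {"192.168.230.50": "WS", "192.168.230.3": "TMG", "192.168.230.15": "UC", "10.1.10.1": "CUE"}

def next_hop(node, dst):
    """Longest-prefix match in node's table; returns the name of the next node."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), via) for p, via in ROUTES[node]]
    _, via = max((n for n in nets if addr in n[0]), key=lambda n: n[0].prefixlen)
    return HOSTS[dst] if via == "direct" else via

def path(src, dst):
    """List of nodes a packet from src to dst traverses."""
    hops = [HOSTS[src]]
    while hops[-1] != HOSTS[dst]:
        hops.append(next_hop(hops[-1], dst))
    return hops

def handshake(client, server, firewall="TMG"):
    """Walk SYN, SYN-ACK, ACK; the firewall only advances state on packets it forwards."""
    expected = {"SYN": None, "SYN-ACK": "SYN", "ACK": "SYN-ACK"}
    seen, result = None, []
    for flag, s, d in [("SYN", client, server), ("SYN-ACK", server, client), ("ACK", client, server)]:
        hops = path(s, d)
        verdict = "delivered"
        if firewall in hops[1:-1]:          # firewall is a transit hop for this packet
            if seen == expected[flag]:
                seen = flag
            else:
                verdict = "dropped"         # non-SYN packet without matching state
        result.append((flag, hops, verdict))
        if verdict == "dropped":
            break
    return result

if __name__ == "__main__":
    for flag, hops, verdict in handshake("192.168.230.50", "10.1.10.1"):
        print(f"{flag:8} {' -> '.join(hops):24} {verdict}")
```

The SYN-ACK returns over the UC's connected 192.168.224.0/21 route and never crosses the TMG, which is why a default route on the UC does not change the result. Appending `("10.1.10.0/30", "UC")` to the `WS` table models the `route add` command from the thread and makes all three packets bypass the firewall.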