No announcement yet.

Static NAT on TMG 2010?

  • Filter
  • Time
  • Show
Clear All
new posts

  • Static NAT on TMG 2010?

    Not quite sure where this fit here in the forums, but if this is the wrong one, please move it

    Is it possible to have static NAT in both directions when using TMG2010?

    I am trying to use TMG as a router with multiple NAT rules.

    What I am trying to achieve: I got a set of 5 public IPs. Behind the router I have quite a few server which use the TMG as gateway. This is working fine.

    Now certain server, such as Exchange and Webserver (with SSL) require obviously their dedicated public IPs.

    So far I managed to get an outgoing NAT rule working, which I can easily confirm with sites such as

    But now I also need incoming NAT and apply firewall rules to it.

    To start with I tried to open RDP for one specific public IP which is NATed to a specific server but I am not getting anywhere with it.

    Whe creating a NAT rule it seems to insist on the IPs being present on the TMG server. For outgoing NAT I can easily choose the public IP assigned on the TMG server but when creating incoming NAT rules it seems you have to do the same with the private IPs which obviously wouldn't work as the IPs aren't assigned to the TMG server but the clients behind it.

    Am I getting the wrong end of the stick here ?

  • #2
    Re: Static NAT on TMG 2010?

    Assign all the IPs that are required externally to the TMG, then use publishing rules to determine how TMG routes that traffic.

    TMG doesn't directly use NAT rules or Port Forwarding rules the way that most firewalls do, hence the publishing rules.
    BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
    Cruachan's Blog