klez0011klez0011 Member Posts: 48 ■■□□□□□□□□
assume we have 4 vlan and again suppose we have HSRP Structure so i want to add 1 TMG Server what you suggest which I put this Server[TMG] with 2 condition
1-All Cleints in All Vlans connect through internet by TMG server(and TMG can apply rules to all Vlan)
2-i think it's not good idea to connect router to TMG

please help me.


  • Jon_CiscoJon_Cisco Member Posts: 1,772 ■■■■■■■■□□
    This sounds an awful lot like another homework question. I don't have a recommendation but I bet your reading material does.

    Good Luck
  • d4nz1gd4nz1g Member Posts: 464

    First of all, your clients for each VLAN should use a virtual IP as a gateway (10.0.0.x for vlan X and 10.2.2.y for VLAN Y , for example).
    Your TMG is a firewall, right? So your HSRP devices should have a default route with your TMG as the default gateway.
  • klez0011klez0011 Member Posts: 48 ■■□□□□□□□□
    thanks i have some question please answer thanks again!
    1-As You say in first point of my topology i put TMG ,what's happen if i put tmg server between Router and 2 Switch Layer3 (as i show in image)
    2-in your suggest topology how i should connect TMG to Switch layer3(or router) i mean how i should give internet to router or switch from TMG Server could you please take me example about IP range and how i should do that?
    thanks alot
  • klez0011klez0011 Member Posts: 48 ■■□□□□□□□□
    as d4nz1g Suggest topology i think there is a one problem(I think ,i'm not certain only imagine ...)
    assume we have 4 vlan's so my TMG should have 4 internal Interface(+1 External(internet)) so if i connect 4 cable to switch A and I should connect again 1 cable to Switch B ...but if Switch A fail the connection between Switch A & Switch B Disconnected ...i think if i want to solve this problem my TMG Server maybe have 8 Interface to connect 4 NIC to switch A and same that $ card interface to switch B.....is it true?
    or NOT?
    if NOT please give me an example ...thanks.:)
  • EdTheLadEdTheLad Member Posts: 2,111 ■■■■□□□□□□
    Setup the nic cards on TMG to support dot1q, connect the TMG to both switch A and B via a single trunk.
    If anything in the above sentence is unclear use google to figure it out.
    Networking, sometimes i love it, mostly i hate it.Its all about the $$$$
  • klez0011klez0011 Member Posts: 48 ■■□□□□□□□□
    thanks but 2 questions
    1-how I setup TMG to support dot1q

    2-as I said I in tmg i have 4 NIC card ...so how i connect tmg to switch only by 1 Trunk....???????????
    i mean that we have 4 vlan so for decrease the overload I should use 4 NIC card in my vlan's range ??????!!!!!!!11
  • d4nz1gd4nz1g Member Posts: 464
    Well, I would do that with the TMG using only 2 interfaces (inside and outside).

    You are using hsrp, so the cirtual router will be the gateway for all vlans, right?

    In the hsrp routers, the l3 switches in that case, you can create a default route pointing to the TMG.
    In this case, you will have the virtual hsrp router routing between vlans and networks inside your company, and the TMG routing for outside networks (aka Internet).

    I'm improving the design with some example of the l3 routing, will show it to you soon.
  • d4nz1gd4nz1g Member Posts: 464

    Well, it would be something "like" that.

    Not so much details because i am a little busy atm.
Sign In or Register to comment.