Home > Exchange, Lync > Doing More with Just One Public IP (Part 1)

Doing More with Just One Public IP (Part 1)


Recently I found myself wanting to do more and more with my home lab.  I have AT&T U-Verse internet/Cable which I am a huge fan of, but this service only provides me a single Public IP Address…

So I just decided to update my infrastructure to a HP DL360G4p with Windows Server 2008 R2 Core with Hyper-V. My goal eventually is to have a couple of these boxes with a Windows Storage Server as an iSCSI target, soon enough. After installing Communications Server “14”, Exchange 2010, SharePoint 2010 and a SQL server with SSRS, I decided I needed to implement some secure remote access to my environment along with a way to get to all the web sites without using different ports. So I installed Forefront TMG 2010 (this is the new version of ISA Server rebranded to the Forefront product line). Now I have implemented ISA/TMG for many client over the past several years to secure Exchange (OWA/Outlook Anywhere/ActiveSync) and OCS (Address book, DL Expansion, Meeting Content, CWA) but I have never implemented it in the way that I had to use a single IP address.

TMG, like ISA allows you to look past the source and destination IP and look at the URL to determine where the connection should go. For example, I have im.unplugthepbx.com, www.unplugthepbx.com, admin.unplugthepbx.com, mail.unplugthepbx.com and several other URLs going to the same public IP in my external DNS. All HTTP and HTTPS traffic in my environment is configured to go to my Forefront TMG server. The Forefront TMG server takes the URL and proxies the connection to the appropriate web server. The same can be said about what comes after the FQDN (ie: http://im.unplugthepbx.com/cscp is the location for the Communications Server Control Panel but http://im.unplugthepbx.com is the location for my communicator web access which is on the same server but different port).

I have recently seen many inquiries on the TechNet Forums asking how this could be implemented, so here is part 1 of my configuration showing the Network Configuration of TMG and the rules:


First, let’s start after Forefront TMG 2010 is installed. In my case I used standard edition since I do not have a need for an Enterprise Array of multiple TMG servers. After Installation, I ran the Getting Started Wizard.

Select Configure Network Settings to launch the wizard.

Select “Next” to continue

In my case, I am using a Single Network Adapter or a “Single Leg” Firewall.

TMG will default to your network adapter settings including IP/Subnet/Gateway/DNS.

That’s it for the network setup. Select “Finish” to continue

Now Select “Configure System Settings” to launch that wizard.

Select “Next” to continue

Select the Windows Domain that TMG will use to authenticate users against.

That’s it for the system setup. Select “Finish” to continue

Now Select “Define Deployment Options” to launch that wizard. I did not screen shot this because it isn’t all that important. I do not use NIS or the Web Filtering service and selected the defaults for automatic updates and customer improvement program.


Categories: Exchange, Lync
  1. April 2, 2011 at 6:41 pm

    Appreciating the persistence you put into your site and in depth information you present. It’s awesome to come across a blog every once in a while that isn’t the same old rehashed information. Great read! I’ve saved your site and I’m adding your RSS feeds to my Google account.

  2. April 5, 2011 at 1:54 am

    My partner and I stumbled over here coming from a different web address and thought I may as well check things out. I like what I see so now i’m following you. Look forward to checking out your web page again.

  1. September 3, 2011 at 8:33 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: