I'm in need of some help with configuring TMG to work with IBCM. I haven't found much out there as far as configuration steps other than a TechNet article that goes through how to set up an ISA server for IBCM <http://technet.microsoft.com/en-us/library/cc707697.aspx>. Apparently the ISA config is nearly identical to the TMG config, but I didn't see this particular option being discussed.

By default, requests appear to come from TMG. Is that the right setting though? In your opinion, would requests need to appear to come from TMG or would they need to appear as if they came from the original client?

When I have this setting configured so that requests appear to come from TMG, communication from the client to the MP is successful. Policies download, swdist works, etc. However, it's letting communication through regardless of whether the requesting client has a certificate or not. For example, I can go to the https://<FQDN>/.sms_aut?mplist URL on my cell phone or home computer and it'll properly show me the XML data. In other words, my MP is wide open.

I think the reason for that is because this TMG rule is configured to use the client certificate for SSL bridging (which I was instructed to do per the TechNet article). So when the client request comes in, even if the client doesn't have a client cert, TMG makes the "handshake" with the MP and just lets the client request through.

I'm thinking the proper way to set this up is so that the requests need to appear to come from the client itself. But, if I change the rule to reflect that setting, communication is broken.

Just wanted to get everyone's perspective on that, especially if you've configured TMG/ISA for IBCM in the past. Thanks in advance.

