Home / server / Questions / 805326
In Process
Ivan Zhilin
Asked: 2016-09-27 03:40:02 +0800 CST

External (Internet) IP of TMG 2010 client

  • 772

We need to determine external IP of clients, that connect to our internal servers (Exchange - OWA+Mail) through TMG 2010 (AD authentication). We found these log entries in TMG log:

  • time - external client IP
  • time - virtual IP - internal server IP - account

But we unable to correlate these entries to get:

  • external client IP - internal server IP - account

Is it possible? Or may be there are any other logs?

P.S. We use reverse proxy feature and can't enable Secure NAT.

vpn microsoft-ftmg-2010 tmg

2 Answers

  1. Аuthentication logs of NPS (External IP Account)

    I enable both Authentication and Accounting requests. No restart is required (log appears authomatically after 2 min). I select IAS file format.

    Logs location (by default) is: %windir%\system32\logfiles\in%YEAR%%MONTH%.log

    Example (from internet):

    192.168.20.2,USERNAME,06/16/2011,20:01:18,RAS,NAMEOFSERVER,4,192.168.20.2,6,2,7,1,5,130,61,5,64,1,65,1,31,166.205.14.159,66,166.205.14.159,25,311 1 192.168.20.2 05/25/2011 06:46:35 328,44,5499,8,192.168.10.158,12,1500,50,595,51,1,55,1308268878,45,3,40,1,4108,192.168.20.2,4147,311,4148,MSRASV5.20,4120,0x004D455441,4294967206,4,4154,Use Windows authentication for all users,4136,4,4142,0

    RRAS logs

    Can be configured at RRAS MMC console. Logs are written to System log (use Event Viewer). Does not contains external IP of success authentications but are interesting.

    • 0

  2. In Logging, you need the following conditions:

    • "Destination IP" EQUALS "x.x.x.x" (Enter your published server's LAN IP here)
    • "Log Time" either LIVE or select an alternate time duration as per your requirement.

    This should give you a list of all requests from WAN IP to the published server along with other details.

    • 0