We need to determine external IP of clients, that connect to our internal servers (Exchange - OWA+Mail) through TMG 2010 (AD authentication). We found these log entries in TMG log:
But we unable to correlate these entries to get:
Is it possible? Or may be there are any other logs?
P.S. We use reverse proxy feature and can't enable Secure NAT.
In Logging, you need the following conditions:
This should give you a list of all requests from WAN IP to the published server along with other details.
I enable both Authentication and Accounting requests. No restart is required (log appears authomatically after 2 min). I select IAS file format.
Logs location (by default) is: %windir%\system32\logfiles\in%YEAR%%MONTH%.log
Example (from internet):
192.168.20.2,USERNAME,06/16/2011,20:01:18,RAS,NAMEOFSERVER,4,192.168.20.2,6,2,7,1,5,130,61,5,64,1,65,1,31,166.205.14.159,66,166.205.14.159,25,311 1 192.168.20.2 05/25/2011 06:46:35 328,44,5499,8,192.168.10.158,12,1500,50,595,51,1,55,1308268878,45,3,40,1,4108,192.168.20.2,4147,311,4148,MSRASV5.20,4120,0x004D455441,4294967206,4,4154,Use Windows authentication for all users,4136,4,4142,0
Can be configured at RRAS MMC console. Logs are written to System log (use Event Viewer). Does not contains external IP of success authentications but are interesting.
