Setting up "MS File Sharing" on PIX515E 7.2 using ASDM 5.2

Discussion in 'Cisco' started by Andrey Tarasov, Mar 26, 2009.

  1. David Henzler wrote:
    > I finally have my Pix configured, and have learned much about how it
    > works, however I still have a problem with seeing Samba shares in the DMZ
    > from my inside network.
    >
    > Does anyone out there have configuration experience with this ?


    Depends on definition of seeing. What do you mean by that? Do you want
    to see shares in Network Neighborhood? Via "net view \\computername"
    command? Or just connect to the shares?

    Regards,
    Andrey.
     
    Andrey Tarasov, Mar 26, 2009
    #1
    1. Advertising

  2. I finally have my Pix configured, and have learned much about how it
    works, however I still have a problem with seeing Samba shares in the DMZ
    from my inside network.

    Does anyone out there have configuration experience with this ?

    Regards

    David
     
    David Henzler, Mar 26, 2009
    #2
    1. Advertising

  3. On Thu, 26 Mar 2009 09:03:35 -0700, Andrey Tarasov wrote:

    > David Henzler wrote:
    >> I finally have my Pix configured, and have learned much about how it
    >> works, however I still have a problem with seeing Samba shares in the
    >> DMZ from my inside network.
    >>
    >> Does anyone out there have configuration experience with this ?

    >
    > Depends on definition of seeing. What do you mean by that? Do you want to
    > see shares in Network Neighborhood? Via "net view \\computername" command?
    > Or just connect to the shares?
    >
    > Regards,
    > Andrey.


    Thanks for getting back to me Andrey.

    I'd like it to work just the way it normally does on Windows XP. I want
    to have the share show up in the Network Neighborhood. This would make it
    easy for the non-techie staff to find and use the shared info.

    I've had it working to the point where I can set up a drive letter and
    assign the share, but then each computer needs to be modified to the same
    settings.

    Looking for the simple answer for users..

    Regards

    David
     
    David Henzler, Apr 20, 2009
    #3
  4. Andrey Tarasov

    bod43 Guest

    On 20 Apr, 06:27, David Henzler <> wrote:
    > On Thu, 26 Mar 2009 09:03:35 -0700, Andrey Tarasov wrote:
    > > David Henzler wrote:
    > >> I finally have my Pix configured, and have learned much about how it
    > >> works, however I still have a problem with seeing Samba shares in the
    > >> DMZ from my inside network.

    >
    > >> Does anyone out there have configuration experience with this ?

    >
    > > Depends on definition of seeing. What do you mean by that? Do you want to
    > > see shares in Network Neighborhood? Via "net view \\computername" command?
    > > Or just connect to the shares?

    >
    > > Regards,
    > > Andrey.

    >
    > Thanks for getting back to me Andrey.
    >
    > I'd like it to work just the way it normally does on Windows XP.  I want
    > to have the share show up in the Network Neighborhood.  This would make it
    > easy for the non-techie staff to find and use the shared info.
    >
    > I've had it working to the point where I can set up a drive letter and
    > assign the share, but then each computer needs to be modified to the same
    > settings.
    >
    > Looking for the simple answer for users..


    This may well not be possible without a domain. Do you
    use a Domain?
    http://en.wikipedia.org/wiki/Windows_Server_domain

    It may seem irritating to you however the problem
    you are trying to solve is very tough technically
    especially for large networks. It is arranged to work
    magically on a single subnet by using broadcasts
    however this does not scale and quickly breaks
    down as networks get larger.

    If you had a router and not a pix I suppose that you might
    be able to fudge it up with some kind of UDP forwarding. I
    doubt, but i am not sure, that the pix does UDP
    forwarding.

    The other option is probably a WINS server.
    You can set up DHCP to issue a WINS server and
    manually configure non-dhcp devices to use it too.
    That should work I think.

    Google for [windows browsing across subnets].

    By the way - it seems that Server 2008 (and maybe
    by implication Vista) does not do old fasioned
    broadcast browsing by default.

    "NetBIOS Browsing Across Subnets May Fail
    After Upgrading to Windows Server 2008".

    If this seems complicated, it is because MS could
    not make its mind up and has come up with many
    (now 4 at least) different methods for solving this
    problem. The problem however is very tough to
    scale and so none of the solutions work on a
    large network.
     
    bod43, Apr 20, 2009
    #4
  5. On Sun, 19 Apr 2009 23:47:06 -0700, bod43 wrote:

    > On 20 Apr, 06:27, David Henzler <> wrote:
    >> On Thu, 26 Mar 2009 09:03:35 -0700, Andrey Tarasov wrote:
    >> > David Henzler wrote:
    >> >> I finally have my Pix configured, and have learned much about how it
    >> >> works, however I still have a problem with seeing Samba shares in the
    >> >> DMZ from my inside network.

    >>
    >> >> Does anyone out there have configuration experience with this ?

    >>
    >> > Depends on definition of seeing. What do you mean by that? Do you want
    >> > to see shares in Network Neighborhood? Via "net view \\computername"
    >> > command? Or just connect to the shares?

    >>
    >> > Regards,
    >> > Andrey.

    >>
    >> Thanks for getting back to me Andrey.
    >>
    >> I'd like it to work just the way it normally does on Windows XP.  I
    >> want to have the share show up in the Network Neighborhood.  This would
    >> make it easy for the non-techie staff to find and use the shared info.
    >>
    >> I've had it working to the point where I can set up a drive letter and
    >> assign the share, but then each computer needs to be modified to the
    >> same settings.
    >>
    >> Looking for the simple answer for users..

    >
    > This may well not be possible without a domain. Do you use a Domain?
    > http://en.wikipedia.org/wiki/Windows_Server_domain
    >
    > It may seem irritating to you however the problem you are trying to solve
    > is very tough technically especially for large networks. It is arranged to
    > work magically on a single subnet by using broadcasts however this does
    > not scale and quickly breaks down as networks get larger.
    >
    > If you had a router and not a pix I suppose that you might be able to
    > fudge it up with some kind of UDP forwarding. I doubt, but i am not sure,
    > that the pix does UDP forwarding.
    >
    > The other option is probably a WINS server. You can set up DHCP to issue a
    > WINS server and manually configure non-dhcp devices to use it too. That
    > should work I think.
    >
    > Google for [windows browsing across subnets].
    >
    > By the way - it seems that Server 2008 (and maybe by implication Vista)
    > does not do old fasioned broadcast browsing by default.
    >
    > "NetBIOS Browsing Across Subnets May Fail After Upgrading to Windows
    > Server 2008".
    >
    > If this seems complicated, it is because MS could not make its mind up and
    > has come up with many (now 4 at least) different methods for solving this
    > problem. The problem however is very tough to scale and so none of the
    > solutions work on a large network.


    Thanks fot the info... I'll look into that.

    The Pix has some limited routing capability, however I don't know it's
    limitations. It may not be able to route UDP. I'm a novice at this whole
    thing, but have been intensly interested in networking for the past 10
    years, and played around with consumer junk. Recently I started my own
    business, and needed to have better equipment. I host my own websites,
    and mail. So learning a lot... very fast about how bad it is out there.

    Regards

    David Henzler
     
    David Henzler, Apr 20, 2009
    #5
  6. Andrey Tarasov

    bod43 Guest

    On 20 Apr, 20:11, David Henzler <> wrote:
    > On Sun, 19 Apr 2009 23:47:06 -0700, bod43 wrote:
    > > On 20 Apr, 06:27, David Henzler <> wrote:
    > >> On Thu, 26 Mar 2009 09:03:35 -0700, Andrey Tarasov wrote:
    > >> > David Henzler wrote:
    > >> >> I finally have my Pix configured, and have learned much about how it
    > >> >> works, however I still have a problem with seeing Samba shares in the
    > >> >> DMZ from my inside network.

    >
    > >> >> Does anyone out there have configuration experience with this ?

    >
    > >> > Depends on definition of seeing. What do you mean by that? Do you want
    > >> > to see shares in Network Neighborhood? Via "net view \\computername"
    > >> > command? Or just connect to the shares?

    >
    > >> > Regards,
    > >> > Andrey.

    >
    > >> Thanks for getting back to me Andrey.

    >
    > >> I'd like it to work just the way it normally does on Windows XP.  I
    > >> want to have the share show up in the Network Neighborhood.  This would
    > >> make it easy for the non-techie staff to find and use the shared info.

    >
    > >> I've had it working to the point where I can set up a drive letter and
    > >> assign the share, but then each computer needs to be modified to the
    > >> same settings.

    >
    > >> Looking for the simple answer for users..

    >
    > > This may well not be possible without a domain. Do you use a Domain?
    > >http://en.wikipedia.org/wiki/Windows_Server_domain

    >
    > > It may seem irritating to you however the problem you are trying to solve
    > > is very tough technically especially for large networks. It is arranged to
    > > work magically on a single subnet by using broadcasts however this does
    > > not scale and quickly breaks down as networks get larger.

    >
    > > If you had a router and not a pix I suppose that you might be able to
    > > fudge it up with some kind of UDP forwarding. I doubt, but i am not sure,
    > > that the pix does UDP forwarding.

    >
    > > The other option is probably a WINS server. You can set up DHCP to issue a
    > > WINS server and manually configure non-dhcp devices to use it too. That
    > > should work I think.

    >
    > > Google for [windows browsing across subnets].

    >
    > > By the way - it seems that Server 2008 (and maybe by implication Vista)
    > > does not do old fasioned broadcast browsing by default.

    >
    > > "NetBIOS Browsing Across Subnets May Fail After Upgrading to Windows
    > > Server 2008".

    >
    > > If this seems complicated, it is because MS could not make its mind up and
    > > has come up with many (now 4 at least) different methods for solving this
    > > problem. The problem however is very tough to scale and so none of the
    > > solutions work on a large network.

    >
    > Thanks fot the info... I'll look into that.
    >
    > The Pix has some limited routing capability, however I don't know it's
    > limitations.  It may not be able to route UDP.  I'm a novice at this whole
    > thing, but have been intensly interested in networking for the past 10
    > years, and played around with consumer junk.  Recently I started my own
    > business, and needed to have better equipment.  I host my own websites,
    > and mail.  So learning a lot...  very fast about how bad it is out there.


    If you have a domain then use that otherwise WINS.
     
    bod43, Apr 21, 2009
    #6
  7. Andrey Tarasov

    Vincent Guest

    On Apr 20, 8:33 pm, bod43 <> wrote:
    > On 20 Apr, 20:11, David Henzler <> wrote:
    >
    >
    >
    > > On Sun, 19 Apr 2009 23:47:06 -0700, bod43 wrote:
    > > > On 20 Apr, 06:27, David Henzler <> wrote:
    > > >> On Thu, 26 Mar 2009 09:03:35 -0700, Andrey Tarasov wrote:
    > > >> > David Henzler wrote:
    > > >> >> I finally have my Pix configured, and have learned much about how it
    > > >> >> works, however I still have a problem with seeing Samba shares in the
    > > >> >> DMZ from my inside network.

    >
    > > >> >> Does anyone out there have configuration experience with this ?

    >
    > > >> > Depends on definition of seeing. What do you mean by that? Do you want
    > > >> > to see shares in Network Neighborhood? Via "net view \\computername"
    > > >> > command? Or just connect to the shares?

    >
    > > >> > Regards,
    > > >> > Andrey.

    >
    > > >> Thanks for getting back to me Andrey.

    >
    > > >> I'd like it to work just the way it normally does on Windows XP.  I
    > > >> want to have the share show up in the Network Neighborhood.  This would
    > > >> make it easy for the non-techie staff to find and use the shared info.

    >
    > > >> I've had it working to the point where I can set up a drive letter and
    > > >> assign the share, but then each computer needs to be modified to the
    > > >> same settings.

    >
    > > >> Looking for the simple answer for users..

    >
    > > > This may well not be possible without a domain. Do you use a Domain?
    > > >http://en.wikipedia.org/wiki/Windows_Server_domain

    >
    > > > It may seem irritating to you however the problem you are trying to solve
    > > > is very tough technically especially for large networks. It is arranged to
    > > > work magically on a single subnet by using broadcasts however this does
    > > > not scale and quickly breaks down as networks get larger.

    >
    > > > If you had a router and not a pix I suppose that you might be able to
    > > > fudge it up with some kind of UDP forwarding. I doubt, but i am not sure,
    > > > that the pix does UDP forwarding.

    >
    > > > The other option is probably a WINS server. You can set up DHCP to issue a
    > > > WINS server and manually configure non-dhcp devices to use it too. That
    > > > should work I think.

    >
    > > > Google for [windows browsing across subnets].

    >
    > > > By the way - it seems that Server 2008 (and maybe by implication Vista)
    > > > does not do old fasioned broadcast browsing by default.

    >
    > > > "NetBIOS Browsing Across Subnets May Fail After Upgrading to Windows
    > > > Server 2008".

    >
    > > > If this seems complicated, it is because MS could not make its mind up and
    > > > has come up with many (now 4 at least) different methods for solving this
    > > > problem. The problem however is very tough to scale and so none of the
    > > > solutions work on a large network.

    >
    > > Thanks fot the info... I'll look into that.

    >
    > > The Pix has some limited routing capability, however I don't know it's
    > > limitations.  It may not be able to route UDP.  I'm a novice at this whole
    > > thing, but have been intensly interested in networking for the past 10
    > > years, and played around with consumer junk.  Recently I started my own
    > > business, and needed to have better equipment.  I host my own websites,
    > > and mail.  So learning a lot...  very fast about how bad it is out there.

    >
    > If you have a domain then use that otherwise WINS.


    > Some ideas you want to look at.....

    If you are using a translation group it makes things a bit tricky as
    you can go through any IP in that group.
    From my knowledge, all you need to do is to create access rules to
    allow UDP and TCP, PIX 515E can do it...no problem.
    Have your DMZ server point to DMZ IP (This is a host that you create
    on the PIX....(Your internal DNS server) NAT that to internal IP.
    DMZ server allow DNS lookup to internal DNS server. Create DNS entry
    for you DMZ server specify DMZ IP.
    In all you should be able to map network drive via \\dmz\share.

    If you want, drop me a mail.....I'll have a look and verify for you
    the exact config for the pix.... 2:07 AM my brains not that fresh
    right now...

    Regards,

    Vincent
     
    Vincent, Apr 21, 2009
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?Q2hyaXMgQ2xhcms=?=

    File Sharing Intermittent but Pings fine and iTunes Sharing works

    =?Utf-8?B?Q2hyaXMgQ2xhcms=?=, Dec 5, 2004, in forum: Wireless Networking
    Replies:
    1
    Views:
    742
    Malke
    Dec 5, 2004
  2. =?Utf-8?B?YmVuanlyYW1h?=

    Setup file sharing and periphial sharing

    =?Utf-8?B?YmVuanlyYW1h?=, Mar 19, 2005, in forum: Wireless Networking
    Replies:
    1
    Views:
    719
    Jack \(MVP\)
    Mar 19, 2005
  3. David Henzler

    Pix515e with IOS 7.24 and ASDM 5.24

    David Henzler, Feb 23, 2009, in forum: Cisco
    Replies:
    3
    Views:
    1,093
    David Henzler
    Mar 1, 2009
  4. David Henzler

    setting up ACL under ASDM

    David Henzler, Feb 24, 2009, in forum: Cisco
    Replies:
    0
    Views:
    553
    David Henzler
    Feb 24, 2009
  5. WindowsAssassin
    Replies:
    3
    Views:
    4,144
    John Turco
    May 27, 2011
Loading...

Share This Page