PIX - restrict services

Discussion in 'Cisco' started by Sarastra Maya, Sep 21, 2006.

  1. Okay, so I got DNS working.

    New problem: I can't log on to my domain controller from Outside.
    What's the deal? Netbios is broken, literally, behind a NAT?
     
    Sarastra Maya, Sep 27, 2006
    #21

  2. Domain controller issue solved; missed some ports.

    New problem: Exchange server cannot be located from Outside. What else
    is there to troubleshoot?
     
    Sarastra Maya, Sep 27, 2006
    #22

  3. Sarastra Maya

    CCIE #15766 Guest

    Hi Sarastra Maya,

    I am sorry, but I do not know how Windows networking and Exchange server work.
    There must be some ports that need to be opened for the Exchange server. You
    should consult the documents provided by Microsoft. You can also
    sniff the packets on the PIX by using "capture" (see
    http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/c.htm#wp1053548)
    or simply add a "deny ip any any" at the end of an ACL and try to log in
    to the Exchange server from your Windows client to see what the violation
    log says. I guess you need to permit SMTP and/or POP3.
     
    CCIE #15766, Sep 28, 2006
    #23
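
One way to read the "violation log" suggested in the post above, as an added example that is not part of the original thread: a short Python script that tallies which destination protocol/port pairs the PIX denied for one client, so only the ports actually needed get permitted. It assumes the log contains PIX syslog message 106023 (ACL deny) lines; the sample lines, addresses and the ACL name `outside_in` are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the PIX syslog 106023 (ACL deny) layout.
# Addresses, ports and the ACL name are made up for illustration.
SAMPLE_LOG = """\
Sep 28 2006 10:01:02: %PIX-4-106023: Deny tcp src outside:198.51.100.7/3021 dst inside:192.0.2.10/135 by access-group "outside_in"
Sep 28 2006 10:01:03: %PIX-4-106023: Deny tcp src outside:198.51.100.7/3022 dst inside:192.0.2.10/135 by access-group "outside_in"
Sep 28 2006 10:01:05: %PIX-4-106023: Deny tcp src outside:198.51.100.7/3030 dst inside:192.0.2.10/1026 by access-group "outside_in"
Sep 28 2006 10:01:09: %PIX-4-106023: Deny udp src outside:198.51.100.7/137 dst inside:192.0.2.10/137 by access-group "outside_in"
Sep 28 2006 10:01:10: %PIX-4-106023: Deny icmp src outside:198.51.100.7 dst inside:192.0.2.10 (type 8, code 0) by access-group "outside_in"
Sep 28 2006 10:01:11: %PIX-6-302013: Built inbound TCP connection 41 for outside:198.51.100.7/3040 (198.51.100.7/3040) to inside:192.0.2.10/25 (192.0.2.10/25)
"""

# The port part is optional because ICMP denies carry a type/code instead.
DENY_RE = re.compile(
    r"%PIX-\d-106023: Deny (?P<proto>\S+) "
    r"src [^:\s]+:(?P<src_ip>[\d.]+)(?:/\d+)? "
    r"dst [^:\s]+:(?P<dst_ip>[\d.]+)(?:/(?P<dst_port>\d+))?"
    r".*? by access-group "
)

def summarize_denies(log_text, client_ip=None):
    """Count denied (dst_ip, protocol, dst_port) tuples, optionally for one source."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m is None:
            continue  # not an ACL deny line (e.g. a "Built connection" message)
        if client_ip is not None and m["src_ip"] != client_ip:
            continue  # traffic from some other host, not the test client
        port = int(m["dst_port"]) if m["dst_port"] else None
        counts[(m["dst_ip"], m["proto"], port)] += 1
    return counts

if __name__ == "__main__":
    for (dst, proto, port), n in summarize_denies(SAMPLE_LOG, "198.51.100.7").most_common():
        label = f"port {port}" if port is not None else "(no port)"
        print(f"{n:3d} x {proto:4s} -> {dst} {label}")
```

Filtering on the test client's source address keeps unrelated Internet noise out of the tally, so the resulting list reflects only what the login attempt needed.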
  4. Thanks, CCIE #15766!

    I believe the NetBIOS issue and the Exchange server issue are related to
    each other; how messily Windows handles name resolution through the domain
    controller... But at any rate, for this instance I can get around the
    issue without over-troubleshooting it.

    capture: That's a great troubleshooting feature, btw. I never would
    have thought of that.
     
    Sarastra Maya, Sep 28, 2006
    #24