https://community.cisco.com/t5/network-security/file-server-in-dmz-i-can-ping-it-but-can-t-connect-via-unc-path/m-p/2253253#M347739 <HTML><HEAD></HEAD><BODY><P> Hello, </P><P></P><P>Looks as though you have the right ports in the acl for the DMZ, is the acl on the Inside interface permitting everything through? </P><P></P><P>Have you filtered the logs by IP address and tried to connect? Would show if anything is being blocked along the way. </P></BODY></HTML> Wed, 19 Jun 2013 15:40:51 GMT andyjames 2013-06-19T15:40:51Z https://community.cisco.com/t5/network-security/file-server-in-dmz-i-can-ping-it-but-can-t-connect-via-unc-path/m-p/2253252#M347738 <P>host = Windows Server 2003 in DMZ ( 192.168.171.21 )</P><P></P><P>I <SPAN style="text-decoration: underline;"><STRONG>can ping</STRONG></SPAN> it from my INSIDE network ( INSIDE = 192.168.172.0 )</P><P></P><P>But I <SPAN style="text-decoration: underline;"><STRONG>can't connect via UNC path</STRONG></SPAN></P><P></P><P></P><P></P><P>access-list dmz_access_in extended permit ip 192.168.171.21 255.255.255.0 192.168.172.0 255.255.255.0</P><P></P><P><SPAN style="font-size: 10pt;">access-list dmz_access_in extended permit udp host 192.168.171.21 192.168.172.0 255.255.255.0 eq netbios-ns</SPAN></P><P>access-list dmz_access_in extended permit udp host 192.168.171.21 192.168.172.0 255.255.255.0 eq netbios-dgm</P><P></P><P>access-list dmz_access_in extended permit tcp host 192.168.171.21 192.168.172.0 255.255.255.0 eq 139</P><P>access-list dmz_access_in extended permit tcp host 192.168.171.21 192.168.172.0 255.255.255.0 eq 445</P><P></P><P>Is this even a firewall issue or a M$ issue? </P><P></P><P>Thanks,</P><P></P><P>Ian.</P> Tue, 12 Mar 2019 02:00:29 GMT https://community.cisco.com/t5/network-security/file-server-in-dmz-i-can-ping-it-but-can-t-connect-via-unc-path/m-p/2253252#M347738 Ian Walker 2019-03-12T02:00:29Z https://community.cisco.com/t5/network-security/file-server-in-dmz-i-can-ping-it-but-can-t-connect-via-unc-path/m-p/2253253#M347739 <HTML><HEAD></HEAD><BODY><P> Hello, </P><P></P><P>Looks as though you have the right ports in the acl for the DMZ, is the acl on the Inside interface permitting everything through? </P><P></P><P>Have you filtered the logs by IP address and tried to connect? Would show if anything is being blocked along the way. </P></BODY></HTML> Wed, 19 Jun 2013 15:40:51 GMT https://community.cisco.com/t5/network-security/file-server-in-dmz-i-can-ping-it-but-can-t-connect-via-unc-path/m-p/2253253#M347739 andyjames 2013-06-19T15:40:51Z https://community.cisco.com/t5/network-security/file-server-in-dmz-i-can-ping-it-but-can-t-connect-via-unc-path/m-p/2253254#M347740 <HTML><HEAD></HEAD><BODY><P>My understanding is that a <EM><STRONG>stateful</STRONG></EM> connection originating from the INSIDE Security level 100 will be allowed back in from DMZ security level 50 ?</P><P></P><P></P><P>On the inside interface I have only the default 1 implicit incoming rule </P><P><SPAN style="font-size: 10pt;">Source = ANY&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Destination = Anly less secure</SPAN></P><P></P><P>Do I need acl on INSIDE interface ?</P><P></P><P>Thanks,</P><P>Ian.</P></BODY></HTML> Wed, 19 Jun 2013 15:58:44 GMT https://community.cisco.com/t5/network-security/file-server-in-dmz-i-can-ping-it-but-can-t-connect-via-unc-path/m-p/2253254#M347740 Ian Walker 2013-06-19T15:58:44Z https://community.cisco.com/t5/network-security/file-server-in-dmz-i-can-ping-it-but-can-t-connect-via-unc-path/m-p/2253255#M347741 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>Yep, if you only have the default rule on the Inside then it should allow the flow through to the DMZ and back. No need for an acl on the Inside, just wasn't sure if you had one other than the default or not. </P><P></P><P>Would try filtering the logs to see if anything is being blocked, other than that, packet tracer might flag something up. </P></BODY></HTML> Wed, 19 Jun 2013 16:06:08 GMT https://community.cisco.com/t5/network-security/file-server-in-dmz-i-can-ping-it-but-can-t-connect-via-unc-path/m-p/2253255#M347741 andyjames 2013-06-19T16:06:08Z