11-10-2003 02:32 AM - edited 02-20-2020 11:05 PM
Hiah
I have set up a PIX firewall and believe the problem to be with the internal DNS configuration and not the PIX.
I have been assigned a range of external IP addresses, for the following services:
17 - BT router
18 - external WAN - fixed WAN
19 - SMTP - virtual static mapping
20 - OWA - virtual static mapping
21 - FTP - virtual static mapping
22 - global address - resolves on Shields Up
I have configured the firewall with access-lists and also static mappings for those addresses which I call "virtual" above.
I have 3 servers which provide the following services (all W2K servers)
192.168.1.1 - gateway - pix internal
192.168.1.2 - root domain controller, DNS, Wins
192.168.1.3 - domain controller, Exchange server 2k & OWA
192.168.1.7 - ftp server
There seems to be a problem with the Internal Active Directory integrated DNS server configuration, this is what I can or cannot do:
- To get www, I type in the gateway above and have no proxy settings in Internet Options. I have to type in an external DNS server in the local workstation's NIC DNS settings. I have set up forwarders on the internal DNS server (in the properties of the server container); I actually typed in a variety of external DNS server IP addresses.
Why can't I leave the primary and secondary DNS IP addresses as the two internal DNS servers? Why do I have to insert an external DNS server IP here?
- I am getting no resolution from external to internal for these:
IP address 19 assigned to SMTP
IP address 20 assigned to OWA
IP address 21 assigned to FTP
- I have opened the firewall to ping in and out.
- Telnetting should also be allowed by default.
- Everything I try is not resolved or unreachable.
Does anybody know what needs doing on the W2K internal DNS, or perhaps I should be looking at something else?
I am not very good at DNS, so please explain exactly how to do the configuration...
Please help.
thanks very much
11-10-2003 09:55 PM
Hopefully, this will help:
Specifically look at "Troubleshooting the Domain Locator Process"
11-11-2003 02:40 AM
Had a go at all those commands and it was working fine.
I wondered if there is something specific I should be setting up in internal DNS to make this PIX firewall's static mappings work.
11-18-2003 02:45 AM
Hi
You can have a static mapping for your primary domain controller as follows in your PIX firewall:
static (inside,outside) interface 192.168.1.2 netmask 255.255.255.255 0 0
Also an access list as follows:
access-list outside_access_in permit udp any host 192.168.1.2 eq domain
Then enable forwarders in the DNS of your primary domain controller with the DNS server IP addresses of your ISP.
Configure your internal workstations with DNS pointing to your PDC.
Try this. Best of luck.
Please let me know if this works or not.
Regards
Anoop K Narayanan
NICBM Kuwait
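A worked PIX 6.3 configuration for the layout described in the question, added here as an example; it is not the original poster's configuration and not the one Anoop posted above. The outside block is assumed to be a /29 and written in the documentation range 203.0.113.16/29 so that the last octets match the question (.17 to .22); the inside hosts, interface roles and services are the ones the question lists. Two points a practitioner wants to check: on PIX 6.x an access-list applied to the outside interface matches the global (translated) address, not the inside address, and it does nothing until it is bound with access-group; and because 192.168.1.3 must answer on two different outside addresses (SMTP on .19, OWA on .20), it needs port statics, since a second one-to-one static for the same inside host is rejected as a duplicate.

```cisco
! Added example (not the poster's config). 203.0.113.x are placeholders for the
! assigned range; only the last octets are taken from the question. PIX 6.3 syntax.
nameif ethernet0 outside security0
nameif ethernet1 inside security100
ip address outside 203.0.113.18 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
route outside 0.0.0.0 0.0.0.0 203.0.113.17 1          ! BT router

! Outbound PAT: everything inside leaves as the "global" address (.22).
! Forwarder queries from 192.168.1.2 go out this way; no inbound hole is needed
! for them, the replies return through the xlate.
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
global (outside) 1 203.0.113.22

! Inbound mappings. 192.168.1.3 serves SMTP on .19 and OWA on .20, so use
! port statics rather than two one-to-one statics for the same inside host.
static (inside,outside) tcp 203.0.113.19 smtp 192.168.1.3 smtp netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.20 www 192.168.1.3 www netmask 255.255.255.255 0 0
static (inside,outside) tcp 203.0.113.20 https 192.168.1.3 https netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.21 192.168.1.7 netmask 255.255.255.255 0 0

! Inbound policy. Lines match the GLOBAL addresses (PIX 6.x behaviour).
access-list outside_access_in permit tcp any host 203.0.113.19 eq smtp
access-list outside_access_in permit tcp any host 203.0.113.20 eq www
access-list outside_access_in permit tcp any host 203.0.113.20 eq https
access-list outside_access_in permit tcp any host 203.0.113.21 eq ftp
! Let inside pings get their replies back without accepting unsolicited echo.
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in permit icmp any any unreachable
access-list outside_access_in permit icmp any any time-exceeded
! Everything else hits the implicit deny at the end of the list.
access-group outside_access_in in interface outside

! Exchange speaks ESMTP. Mail Guard (fixup protocol smtp) is on by default and
! only passes the basic RFC 821 commands, which breaks EHLO-based sessions.
no fixup protocol smtp 25
! Keep FTP inspection so the data channel of active/passive FTP is opened.
fixup protocol ftp 21

! After changing statics, flush old translations and verify.
clear xlate
show static
show xlate
show access-list outside_access_in
```

Read the hitcnt values in `show access-list outside_access_in`: a line that stays at 0 while you connect from outside means the traffic never reached the PIX (wrong address on the router side, or the static is for the wrong port), whereas a rising hitcnt with no service response points at the inside host. On the W2K side, if the Forwarders tab of the DNS server properties is greyed out, the server hosts a "." root zone (dcpromo creates one when it finds no Internet connectivity) and will never forward; delete that zone and restart the DNS Server service, then test from a workstation with `nslookup www.cisco.com 192.168.1.2`. Exposing the domain controller's DNS to the Internet with an inbound UDP/53 static, as suggested above, is not required for forwarding to work and widens the attack surface of an AD-integrated server; only add it if outside hosts genuinely need to query that server.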