Required TCP/UDP port numbers on PIX to join a computer to a Windows 2000 domain

pankaj_cisco111
Level 1

On a PIX 515 I opened ports 135/TCP, 389/TCP/UDP, 636/TCP, 53/TCP/UDP, 88/TCP/UDP and 445/TCP. Now I can log on to the domain but am still not able to join a computer to the domain via the Administrator ID. I get the message "Network path not found". If I assign IP-to-IP permission on the PIX then it works. Please suggest.

5 Replies

tvanginneken
Level 4

Hi,

what do you mean by "IP to IP permission"?

Kind Regards,

Tom

johansens
Level 4

Perhaps you are missing Global Catalog (TCP/3268, and the SSL version at TCP/3269)?

Check this link for some info on AD:

http://www.windowsitpro.com/Article/ArticleID/37928/37928.html

I have permitted the TCP/3268 and TCP/3269 ports but am still not able to join a computer to the domain via an authorized ID. Please look into this.

It's simpler if you check your logs to see what is being blocked...

Run the logging buffer at severity 4 (warnings) to avoid seeing the build-ups and teardowns of allowed sessions.

If you run a syslog server, run at severity 6 (informational) and take a look at the logs watching for "%PIX-4-106023: Deny..."

or maybe the "%PIX-6-106015: Deny TCP (no connection) from..." messages.
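The log-driven approach in the reply above, as an added example that is not part of the original thread: a small parser for the two PIX "Deny" messages it names (106023, an access-list drop, and 106015, a TCP segment with no entry in the connection table), run over a constructed syslog excerpt and compared against the port list the original poster says is already permitted. The sample lines, the interface names, the access-group name and the hosts are all made up for illustration; the message layouts follow the documented PIX syslog formats. Which ports you actually see denied in your own buffer is the point, not the ones shown here.

```python
import re
from collections import Counter

# Constructed sample syslog excerpt (not from the original post). It mixes the
# two "Deny" messages the reply recommends watching for with one allowed
# connection build-up (302013), which is the noise severity 4 filtering hides.
SAMPLE_LOG = """\
%PIX-4-106023: Deny tcp src inside:10.1.1.5/1038 dst dmz:10.2.2.10/139 by access-group "inside_acl"
%PIX-4-106023: Deny udp src inside:10.1.1.5/137 dst dmz:10.2.2.10/137 by access-group "inside_acl"
%PIX-6-106015: Deny TCP (no connection) from 10.2.2.10/445 to 10.1.1.5/1040 flags RST on interface dmz
%PIX-4-106023: Deny tcp src inside:10.1.1.5/1041 dst dmz:10.2.2.10/139 by access-group "inside_acl"
%PIX-6-302013: Built outbound TCP connection 4711 for dmz:10.2.2.10/389 (10.2.2.10/389) to inside:10.1.1.5/1042 (10.1.1.5/1042)
"""

# (protocol, port) pairs the original poster says are already permitted.
ALLOWED = {
    ("tcp", 135), ("tcp", 389), ("udp", 389), ("tcp", 636),
    ("tcp", 53), ("udp", 53), ("tcp", 88), ("udp", 88), ("tcp", 445),
    ("tcp", 3268), ("tcp", 3269),
}

# %PIX-4-106023: Deny <proto> src <if>:<ip>/<port> dst <if>:<ip>/<port> by access-group "<acl>"
ACL_DENY = re.compile(
    r'%PIX-4-106023: Deny (?P<proto>\w+) '
    r'src (?P<sif>[^:\s]+):(?P<src>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dif>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)

# %PIX-6-106015: Deny TCP (no connection) from <ip>/<port> to <ip>/<port> flags <flags> on interface <if>
NOCONN_DENY = re.compile(
    r'%PIX-6-106015: Deny TCP \(no connection\) '
    r'from (?P<src>[\d.]+)/(?P<sport>\d+) to (?P<dst>[\d.]+)/(?P<dport>\d+) '
    r'flags (?P<flags>.+?) on interface (?P<iface>\S+)'
)


def _match_lines(log_text, pattern):
    """Apply one message regex to every line; normalise ports to int and proto to lower-case."""
    hits = []
    for line in log_text.splitlines():
        m = pattern.search(line)
        if not m:
            continue
        d = m.groupdict()
        if "proto" in d:
            d["proto"] = d["proto"].lower()
        d["sport"] = int(d["sport"])
        d["dport"] = int(d["dport"])
        hits.append(d)
    return hits


def acl_denies(log_text):
    """One dict per 106023 line: packets dropped by an access-list. These are the real gaps."""
    return _match_lines(log_text, ACL_DENY)


def stateless_denies(log_text):
    """One dict per 106015 line. The PIX had no connection-table entry for the segment
    (typically a late RST/FIN after teardown); this is not an ACL decision, so it is
    reported separately rather than treated as a port that needs opening."""
    return _match_lines(log_text, NOCONN_DENY)


def blocked_services(log_text):
    """Count ACL denies by (proto, destination, dport) so the noisiest gap shows first."""
    return Counter((d["proto"], d["dst"], d["dport"]) for d in acl_denies(log_text))


def ports_to_open(log_text, allowed=ALLOWED):
    """(proto, dport) pairs the ACL is dropping that are not already in the permitted list."""
    return {(d["proto"], d["dport"]) for d in acl_denies(log_text)} - allowed


if __name__ == "__main__":
    for (proto, dst, dport), n in blocked_services(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {proto}/{dport} -> {dst}")
    print("denied and not in permitted list:", sorted(ports_to_open(SAMPLE_LOG)))
    for d in stateless_denies(SAMPLE_LOG):
        print("out-of-state segment:", d["src"], "->", d["dst"], d["dport"], d["flags"])
```

On the constructed excerpt the only access-list drops are 139/TCP and 137/UDP, neither of which is in the poster's list, while the single 106015 line is an RST for an already-permitted 445 session and would be a red herring if counted as a blocked port. Feed the function the text of `show logging` (or your syslog file) instead of `SAMPLE_LOG` to get the same split for a real box.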

ashfortha
Level 1

I have exactly the same problem. I had assumed that the following access-list would allow inbound access to our network without any issues, but we still have a problem with PCs not being able to join a Windows domain and not being able to change passwords, although they are able to log in:

access-list outside_acl line 1 permit ip x.x.x.x 255.255.192.0 any (hitcnt=1399846)

Note that x.x.x.x is for illustration only. The hitcnt indicates some success, such as on some of the ports you have listed.
