07-04-2005 09:59 PM - edited 02-21-2020 12:15 AM
On a PIX 515 I opened ports 135/TCP, 389/TCP/UDP, 636/TCP, 53/TCP/UDP, 88/TCP/UDP & 445/TCP. Now I can log on to the domain but am still not able to join a computer to the domain via the Administrator ID. I get the message: Network path not found. If I assign IP-to-IP permission on the PIX then it works. Please suggest.
07-05-2005 04:33 AM
Hi,
What do you mean by "IP to IP permission"?
Kind Regards,
Tom
07-05-2005 04:46 AM
Perhaps you are missing Global Catalog (TCP/3268 and SSL-version at TCP/3269)?
Check this link for some info on AD:
http://www.windowsitpro.com/Article/ArticleID/37928/37928.html
07-06-2005 07:56 AM
I have permitted ports TCP/3268 & TCP/3269 but am still not able to join a computer to the domain via an authorized ID. Please look into this.
07-09-2005 05:49 AM
It's simpler if you check your logs to see what is being blocked...
Run the logging buffer at severity 4 (warnings) to avoid seeing the build-up and teardowns of allowed sessions.
If you run a syslog server, run at severity 6 (informational) and take a look at the logs watching for "%PIX-4-106023: Deny..."
or maybe the "%PIX-6-106015: Deny TCP (no connection) from..." messages.
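The log check suggested in the post above can be scripted. This is an added example, not part of the original post: it tallies the destination ports in "%PIX-4-106023" and "%PIX-6-106015" deny messages so the missing ACL entries stand out. The sample log lines, addresses and the function name `summarize_denies` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample syslog lines (documentation addresses, arbitrary ports).
SAMPLE_LOG = """\
Jul 09 2005 05:50:01: %PIX-4-106023: Deny tcp src outside:192.0.2.10/1045 dst inside:198.51.100.5/139 by access-group "outside_acl"
Jul 09 2005 05:50:02: %PIX-4-106023: Deny udp src outside:192.0.2.10/137 dst inside:198.51.100.5/137 by access-group "outside_acl"
Jul 09 2005 05:50:03: %PIX-6-302013: Built inbound TCP connection 101 for outside:192.0.2.10/1046 (192.0.2.10/1046) to inside:198.51.100.5/445 (198.51.100.5/445)
Jul 09 2005 05:50:04: %PIX-4-106023: Deny tcp src outside:192.0.2.10/1047 dst inside:198.51.100.5/1026 by access-group "outside_acl"
Jul 09 2005 05:50:05: %PIX-6-106015: Deny TCP (no connection) from 192.0.2.10/1048 to 198.51.100.5/135 flags RST on interface outside
Jul 09 2005 05:50:06: %PIX-4-106023: Deny tcp src outside:192.0.2.10/1049 dst inside:198.51.100.5/139 by access-group "outside_acl"
Jul 09 2005 05:50:07: %PIX-4-106023: Deny icmp src outside:192.0.2.10 dst inside:198.51.100.5 (type 8, code 0) by access-group "outside_acl"
"""

# 106023: packet denied by an access list. ICMP lines carry no /port.
ACL_DENY = re.compile(
    r"%PIX-4-106023: Deny (\S+) src \S+?:[\d.]+(?:/\d+)? "
    r"dst \S+?:([\d.]+)(?:/(\d+))?"
)
# 106015: TCP packet with no matching connection (not an ACL drop).
NO_CONN = re.compile(
    r"%PIX-6-106015: Deny TCP \(no connection\) "
    r"from [\d.]+/\d+ to ([\d.]+)/(\d+)"
)

def summarize_denies(log_text):
    """Return (acl_denies, no_conn_denies) keyed by (proto, dst_ip, dst_port)."""
    acl, no_conn = Counter(), Counter()
    for line in log_text.splitlines():
        m = ACL_DENY.search(line)
        if m:
            port = int(m.group(3)) if m.group(3) else None
            acl[(m.group(1).lower(), m.group(2), port)] += 1
            continue
        m = NO_CONN.search(line)
        if m:
            no_conn[("tcp", m.group(1), int(m.group(2)))] += 1
    return acl, no_conn

if __name__ == "__main__":
    acl, no_conn = summarize_denies(SAMPLE_LOG)
    for label, counts in (("ACL deny", acl), ("No connection", no_conn)):
        for (proto, ip, port), n in counts.most_common():
            print(f"{label:14} {proto:5} {ip}:{port}  x{n}")
```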
07-19-2005 05:20 AM
I have exactly the same problem. I had assumed that the following access-list would allow inbound access to our network without any issues, but we still have a problem with PCs not able to join a Windows domain, and not able to change password, but able to log in:
access-list outside_acl line 1 permit ip x.x.x.x 255.255.192.0 any (hitcnt=1399846)
Note X.X.X.X is for illustration only. The hitcnt indicates some success such as some of the ports you have listed.