Wins passing through firewall

Jim.Kiddoo
Level 1

I am trying to implement a PIX 515E in stages. I am able to put our Exchange server behind the firewall and access it from outside, but I am having problems seeing it when on the same network as it. This is due to not being able to resolve the email server's name to its IP 10.0.0.98. I have tried static mapping the internal IP to an external one. This gives the email server better function, but I can still not see it when sitting right behind it. I have tried setting up a WINS server behind the firewall also and setting the email client to use that WINS, but to no avail. I have also tried an lmhosts file, no luck. We are on a campus, so the main WINS is run by external people. He has told me that if I let through WINS it should update it with the internal IP address also. Not sure if this is true. Any ideas what I can do? I would like to be able to keep the current routable IP when I move the non-test server behind the firewall. Any help would be appreciated.

Sincerely

Jim Kiddoo

4 Replies

gfullage
Cisco Employee

Are you saying that your PC and the email server are on the same network, but your WINS or DNS server are on a different segment behind the PIX, and the DNS/WINS server returns the external address of the email server?

If this is WINS there's not much you can do about it. If it's a DNS server that is returning the wrong address, then you can configure the PIX to modify the DNS record as it goes through and make it the internal address of the email server.

If you're running anything less than v6.2 on the PIX, then check out http://www.cisco.com/warp/public/110/alias.html.

If you're running 6.2, then you can use the new static command with the "dns" keyword. Check out http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_62/cmdref/s.htm#xtocid23
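The DNS rewrite gfullage describes, shown as an added configuration example (not from this thread or from Cisco's documentation). It assumes the poster's layout: mail server 10.0.0.98 on the inside interface, DNS server outside, and 203.0.113.98 as a placeholder for the routable x.x.x.98 address. The first static is the one the poster already has; the second adds the "dns" keyword from PIX 6.2.

```cisco
! Added example, not the thread's own config. Placeholder addresses:
!   10.0.0.98      mail server on the inside segment
!   203.0.113.98   stands in for the poster's routable x.x.x.98

! BEFORE: a plain static. Outside hosts reach the mail server through the
! mapped address, but an inside client asking the outside DNS server gets
! 203.0.113.98 back and tries to reach its neighbour through the PIX.
static (inside,outside) 203.0.113.98 10.0.0.98 netmask 255.255.255.255

! AFTER: the same static with the dns keyword. When a DNS reply crosses the
! PIX toward the inside, an A record of 203.0.113.98 is rewritten to
! 10.0.0.98, so the client connects to the mail server on the local segment.
static (inside,outside) 203.0.113.98 10.0.0.98 dns netmask 255.255.255.255

! Existing translations must be flushed for the change to take effect.
clear xlate
```

To check it, run nslookup for the mail server's DNS name from an inside client: it should now return 10.0.0.98 rather than the mapped address. The rewrite only touches DNS answers, not WINS or NetBIOS broadcasts, so the Outlook client has to resolve the server by its DNS name for this to help; the access list or conduit that lets outside hosts reach the mapped address is unchanged.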

It is actually the other way: email server and clients are behind the PIX on the inside interface, WINS and DNS are outside the firewall. The internal client cannot figure out that the email server is sitting right beside it. I can create a static translation from 10.0.0.98 to the external x.x.x.98 and can get to it fine from the outside. I will play with the static command and see what happens. How do I make the PIX tell the client that the email server is right beside it?

Thanks

Jim Kiddoo

open up the following ports

make sure you open up

445 (TCP) - Server message block (SMB) for Netlogon, LDAP conversion and distributed file system (Dfs) discovery.

3268 (TCP) - LDAP to global catalog servers.

389 (TCP, UDP) - Lightweight Directory Access Protocol (LDAP).

135 (TCP) - EndPointMapper.

123 (TCP) - Windows Time Synchronization Protocol (NTP).

88 (Transmission Control Protocol [TCP], UDP) - Kerberos authentication

53 (Transmission Control Protocol [TCP], User Datagram Protocol [UDP]) - Domain Name System (DNS).

Using Active Directory Sites and Tools

create a site name and subnet for the DMZ
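The port list above expressed as a PIX 6.x access list, added here as an example and not taken from the thread. It assumes the inside LAN is 10.0.0.0/24 (the poster's mail server is 10.0.0.98) and uses 198.51.100.10 as a placeholder for the outside domain controller that also serves DNS. NTP is permitted on UDP 123, the transport NTP actually uses, rather than the TCP shown in the list.

```cisco
! Added example, not the thread's own config. Placeholders:
!   10.0.0.0/24      inside LAN holding the clients and the mail server
!   198.51.100.10    outside domain controller / DNS server
! PIX access lists take real netmasks, not IOS-style wildcard masks.
access-list inside_to_dc permit tcp 10.0.0.0 255.255.255.0 host 198.51.100.10 eq 445
access-list inside_to_dc permit tcp 10.0.0.0 255.255.255.0 host 198.51.100.10 eq 3268
access-list inside_to_dc permit tcp 10.0.0.0 255.255.255.0 host 198.51.100.10 eq 389
access-list inside_to_dc permit udp 10.0.0.0 255.255.255.0 host 198.51.100.10 eq 389
access-list inside_to_dc permit tcp 10.0.0.0 255.255.255.0 host 198.51.100.10 eq 135
access-list inside_to_dc permit udp 10.0.0.0 255.255.255.0 host 198.51.100.10 eq 123
access-list inside_to_dc permit tcp 10.0.0.0 255.255.255.0 host 198.51.100.10 eq 88
access-list inside_to_dc permit udp 10.0.0.0 255.255.255.0 host 198.51.100.10 eq 88
access-list inside_to_dc permit tcp 10.0.0.0 255.255.255.0 host 198.51.100.10 eq 53
access-list inside_to_dc permit udp 10.0.0.0 255.255.255.0 host 198.51.100.10 eq 53
! Binding the list to the inside interface replaces the PIX default of
! permitting all outbound traffic: anything not listed is now dropped.
access-group inside_to_dc in interface inside
```

Two caveats for a practitioner: once the access-group is applied, every other outbound flow from the inside (web, mail relay, and so on) needs its own permit line, and TCP 135 only reaches the endpoint mapper, so the RPC services behind it still need either their dynamic ports or the fixed ports discussed in the next reply.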

bs0000554
Level 1

You also need to fix the TCP ports in the registry for the MTA, DS, IS and X400 connector Exchange services with unused TCP ports (see RFC1170).

You can find the docs to fix these ports on Microsoft TechNet.

After this you only need to open TCP port 135 plus the 4 TCP ports that you have fixed for the Exchange services.

That works! We can "jail" the Microsoft RPC services.