02-14-2002 05:13 AM - edited 02-21-2020 11:36 AM
Hello everyone..
Last night we set up a PIX 506. We're using pre-shared keys and we can connect to the network, but we seem to be having NetBIOS problems: we can't fully browse the inside network from the remote location. I can't check email or ping by NetBIOS names (but I can ping the inside remote network by IP (10.0.0.0 scheme), so I know I'm connecting), but it seems to be a NetBIOS problem. Anyone had this problem? Any suggestions?
02-14-2002 02:09 PM
1. Is this a site to site VPN (Router to Pix)?
a. If so, what IOS on the router are you using (the flash file name)?
2. Are you using the nat (inside) 0 command on the 506 to pass IPSEC traffic?
If all these questions are yes, then an access-list somewhere (probably the outgoing access-list bound to the inside interface on the 506) is denying, at a minimum, one or more of the following ports.
TCP port 135 - Allow client to come in via MSRPC
TCP port 139 - The netbios connection. This port is the connection that is maintained during the MAPI session. If you do a netstat -a -n, you will see that you have an "established" connection to IP of mail server:139 while Outlook is open.
UDP port 137 and port 138 - used by WINS and Exchange to allow updates of new changes. (Such as new email being sent to an Outlook client's inbox).
Also, there are 2 TCP ports in the range of 1024-65536 that are used to deliver mail back from the client.
I can get more specific if this is close to your setup.
RJ
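The ACL check suggested in the reply above, as an added example that is not part of the original thread: a small Python audit that applies first-match semantics with an implicit final deny to a pasted access-list and reports which of the four named ports are not permitted. It assumes a simplified PIX-style line format (`access-list NAME action proto SRC DST [eq PORT | range LO HI]`), ignores addresses and source-port operators, and uses a constructed sample ACL with made-up names and addresses.

```python
# Ports named in the reply: MSRPC, NetBIOS session, NetBIOS name/datagram.
REQUIRED = [("tcp", 135), ("tcp", 139), ("udp", 137), ("udp", 138)]

def _skip_addr(tok, i):
    # Advance past one address spec: 'any' (1 token), 'host A' or 'A MASK' (2).
    return i + 1 if tok[i] == "any" else i + 2

def parse_acl(text):
    # Return rules as (action, proto, lo, hi) in configuration order.
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        action, proto = tok[2], tok[3]
        i = _skip_addr(tok, 4)   # source address
        i = _skip_addr(tok, i)   # destination address
        lo, hi = 0, 65535        # no port operator means all ports
        if i < len(tok) and tok[i] == "eq":
            lo = hi = int(tok[i + 1])
        elif i < len(tok) and tok[i] == "range":
            lo, hi = int(tok[i + 1]), int(tok[i + 2])
        rules.append((action, proto, lo, hi))
    return rules

def verdict(rules, proto, port):
    # First matching entry wins; falling off the end is the implicit deny.
    for action, rproto, lo, hi in rules:
        if rproto in (proto, "ip") and lo <= port <= hi:
            return action
    return "deny"

def blocked_ports(text):
    rules = parse_acl(text)
    return [(p, n) for p, n in REQUIRED if verdict(rules, p, n) != "permit"]

# Constructed sample ACL (assumption: names and addresses are illustrative).
SAMPLE = """\
access-list inside_out permit tcp 10.0.0.0 255.255.255.0 any eq 139
access-list inside_out deny udp any any range 137 138
access-list inside_out permit udp any any
access-list inside_out permit tcp any host 192.0.2.10 eq 25
"""

if __name__ == "__main__":
    for proto, port in blocked_ports(SAMPLE):
        print(f"{proto}/{port} is not permitted by this ACL")
```

In the sample, the broad `permit udp any any` never helps UDP 137/138 because the earlier deny entry matches first, and TCP 135 is dropped by the implicit deny.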
03-01-2002 02:54 PM
Try setting your MTU to 1400
and add an ip-helper address for your VPN subnet.