PIX access-list [7:70022]
I'm trying to allow inbound UDP traffic from the DMZ web server to the inside BDC. I'm getting the following:

2003-05-23 15:02:45 Local4.Critical 10.0.1.1 May 23 2003 15:02:19: %PIX-2-106006: Deny inbound UDP from 172.16.2.2/137 to 10.0.1.19/137 on interface dmz

I have the following entries in the access-list:

access-list LAN permit tcp host 172.16.2.2 host 10.0.1.19 eq 135
access-list LAN permit udp host 172.16.2.2 host 10.0.1.19 eq 137
access-list LAN permit udp host 172.16.2.2 host 10.0.1.19 eq 138
access-list LAN permit tcp host 172.16.2.2 host 10.0.1.19 eq 139

When I perform a show access-list, I don't see any hit counts. I do have a static translation for the public to private IP for the BDC, but that shouldn't matter. I'm not sure if I even need to allow this, but it shows up in my KIWI syslog. Could someone please tell me what's missing to stop the deny inbound?

Thanks.
Jeff

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70022t=70022
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

RE: PIX access-list [7:70022]
This is possible because you are using win2k now and if that is the case for AD stuff you need to open port 445 also.

-Original Message-
From: jmullins1 [mailto:[EMAIL PROTECTED]
Sent: Monday, June 02, 2003 4:52 PM
To: [EMAIL PROTECTED]
Subject: PIX access-list [7:70022]

I'm trying to allow inbound UDP traffic from the DMZ web server to the inside BDC. I'm getting the following:

2003-05-23 15:02:45 Local4.Critical 10.0.1.1 May 23 2003 15:02:19: %PIX-2-106006: Deny inbound UDP from 172.16.2.2/137 to 10.0.1.19/137 on interface dmz

I have the following entries in the access-list:

access-list LAN permit tcp host 172.16.2.2 host 10.0.1.19 eq 135
access-list LAN permit udp host 172.16.2.2 host 10.0.1.19 eq 137
access-list LAN permit udp host 172.16.2.2 host 10.0.1.19 eq 138
access-list LAN permit tcp host 172.16.2.2 host 10.0.1.19 eq 139

When I perform a show access-list, I don't see any hit counts. I do have a static translation for the public to private IP for the BDC, but that shouldn't matter. I'm not sure if I even need to allow this, but it shows up in my KIWI syslog. Could someone please tell me what's missing to stop the deny inbound?

Thanks.
Jeff

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70026t=70022

RE: PIX access-list [7:70022]
Silly thing to overlook, but best to check anyway is that you have applied the ACL to the correct interface.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=70053t=70022
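
An added example, not part of any post in this thread: a Python sketch that parses the %PIX-2-106006 line and the four access-list entries quoted above and reports which entry, if any, the denied flow matches. Function names are hypothetical, the inputs are constructed from the values in the first post, and only the host/host/eq entry form used in the thread is handled.

```python
import re

# Constructed from the values quoted in the first post of the thread.
SYSLOG = ("May 23 2003 15:02:19: %PIX-2-106006: Deny inbound UDP from "
          "172.16.2.2/137 to 10.0.1.19/137 on interface dmz")
ACL = """\
access-list LAN permit tcp host 172.16.2.2 host 10.0.1.19 eq 135
access-list LAN permit udp host 172.16.2.2 host 10.0.1.19 eq 137
access-list LAN permit udp host 172.16.2.2 host 10.0.1.19 eq 138
access-list LAN permit tcp host 172.16.2.2 host 10.0.1.19 eq 139
"""

DENY_RE = re.compile(
    r"%PIX-2-106006: Deny inbound UDP from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+) on interface (?P<ifc>\S+)")
ACE_RE = re.compile(
    r"access-list (?P<name>\S+) (?P<action>permit|deny) (?P<proto>\S+) "
    r"host (?P<src>[\d.]+) host (?P<dst>[\d.]+) eq (?P<dport>\d+)")

def parse_deny(line):
    """Return the denied UDP flow from a 106006 message, or None."""
    m = DENY_RE.search(line)
    if not m:
        return None
    flow = m.groupdict()
    flow["proto"] = "udp"  # 106006 as logged here is a UDP deny
    return flow

def first_match(flow, acl_text):
    """Return (entry_no, action, acl_name) of the first matching entry,
    or None when nothing matches (the implicit deny applies)."""
    for n, line in enumerate(acl_text.splitlines(), 1):
        m = ACE_RE.fullmatch(line.strip())
        if (m and m["proto"] == flow["proto"] and m["src"] == flow["src"]
                and m["dst"] == flow["dst"] and m["dport"] == flow["dport"]):
            return n, m["action"], m["name"]
    return None

def diagnose(syslog_line, acl_text):
    flow = parse_deny(syslog_line)
    if flow is None:
        return "not a 106006 message"
    hit = first_match(flow, acl_text)
    if hit is None:
        return "no entry matches: the list itself needs a change"
    n, action, name = hit
    return f"entry {n} of {name} would {action} this flow arriving on {flow['ifc']}"

if __name__ == "__main__":
    print(diagnose(SYSLOG, ACL))
```

When the list already holds a matching permit and still shows no hit counts, the entries are not what is producing the deny, which is the case the last reply's check covers.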