RE: PIX access-list [7:70022]

2003-06-03 Thread Elijah Savage
This is possible because you are using win2k now and if that is the case
for AD stuff you need to open port 445 also.

-Original Message-
From: jmullins1 [mailto:[EMAIL PROTECTED] 
Sent: Monday, June 02, 2003 4:52 PM
To: [EMAIL PROTECTED]
Subject: PIX access-list [7:70022]

I'm trying to allow inbound UDP traffic from the DMZ web server to the
inside BDC.  I'm getting the following:

2003-05-23 15:02:45 Local4.Critical 10.0.1.1 May 23 2003 15:02:19:
%PIX-2-106006: Deny inbound UDP from 172.16.2.2/137 to 10.0.1.19/137 on
interface dmz

I have the following entries in the access-list:
access-list LAN permit tcp host 172.16.2.2 host 10.0.1.19 eq 135
access-list LAN permit udp host 172.16.2.2 host 10.0.1.19 eq 137
access-list LAN permit udp host 172.16.2.2 host 10.0.1.19 eq 138
access-list LAN permit tcp host 172.16.2.2 host 10.0.1.19 eq 139

When I perform a show access-list, I don't see any hit counts.  I do have a
static translation for the public to private IP for the BDC, but that
shouldn't matter.  I'm not sure if I even need to allow this, but it shows
up in my KIWI syslog.  Could someone please tell me what's missing to stop
the deny inbound?  Thanks.
Jeff




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70026t=70022
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


RE: PIX access-list [7:70022]

2003-06-03 Thread Troy Leliard
Silly thing to overlook, but best to check anyway is that you have applied
the ACL to the correct interface.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=70053t=70022
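
Added example, not part of either post: a small Python triage that checks the deny message quoted in the thread against the quoted access-list entries. It assumes only the "host A host B eq N" entry form with numeric ports, and the function names are hypothetical.

```python
import re

# Syslog line and access-list entries as quoted in the thread.
SYSLOG = ("%PIX-2-106006: Deny inbound UDP from 172.16.2.2/137 to 10.0.1.19/137 on\n"
          "interface dmz")
ACL = """\
access-list LAN permit tcp host 172.16.2.2 host 10.0.1.19 eq 135
access-list LAN permit udp host 172.16.2.2 host 10.0.1.19 eq 137
access-list LAN permit udp host 172.16.2.2 host 10.0.1.19 eq 138
access-list LAN permit tcp host 172.16.2.2 host 10.0.1.19 eq 139
"""

DENY_RE = re.compile(
    r"%PIX-2-106006: Deny inbound (?P<proto>\w+) from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+)/(?P<dport>\d+) on interface (?P<ifc>\S+)")
# Assumption: only the "host A host B eq N" form with numeric ports, as in the thread.
ACE_RE = re.compile(
    r"access-list (?P<name>\S+) (?P<action>permit|deny) (?P<proto>\w+) "
    r"host (?P<src>[\d.]+) host (?P<dst>[\d.]+) eq (?P<dport>\d+)")

def parse_deny(line):
    m = DENY_RE.search(" ".join(line.split()))  # undo syslog/e-mail line wrapping
    if not m:
        return None
    flow = m.groupdict()
    flow["proto"] = flow["proto"].lower()  # the log says "UDP", the ACL says "udp"
    return flow

def parse_acl(text):
    return [m.groupdict() for m in ACE_RE.finditer(text)]

def first_match(flow, aces):
    # First entry matching protocol, source, destination and destination port.
    for ace in aces:
        if all(ace[k] == flow[k] for k in ("proto", "src", "dst", "dport")):
            return ace
    return None

def triage(line, acl_text):
    flow = parse_deny(line)
    if flow is None:
        return "not a 106006 deny"
    ace = first_match(flow, parse_acl(acl_text))
    if ace is None:
        return "no entry covers this flow"
    return (f"{ace['action']} entry exists in access-list {ace['name']}; "
            f"check that it is applied to interface {flow['ifc']}")

if __name__ == "__main__":
    print(triage(SYSLOG, ACL))
```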