Windows Media Server in DMZ

Unanswered Question

Hey All,

I have a PIX 515E 7.2(2) with a Win2003 Server in the DMZ. I can stream traffic without problem's internally but externally it just doesn't work. I have all of the required ports open ( 1755, 554, 80, UDP -1024-5000,...) and there is nothing dropped in the logs but streaming doesn't work. If I move the Media Server out from behind the PIX it works great but behind the PIX it doesn't work. I can get to the web server on the media server but I'm not able to stream. What gives? I'm sure I've forgotten to add some detail's here but I'll be happy to add any info needed. Thanks!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Fernando_Meza Thu, 02/08/2007 - 17:14

hi .. I am assuming you have configured a one to one static NAT and that you have allowed incoming traffic on the ports you mentioned on the access-list applied to the outside interface correct ..?

jain.nitin Sun, 02/11/2007 - 00:34

check the fixup protocol in your configuration for RTSP protocol.

daviddtran Wed, 02/14/2007 - 13:40

what are you talking about? See below:

CiscoPix# sh ver

Cisco PIX Security Appliance Software Version 7.2(2)

Device Manager Version 5.2(2)

Compiled on Wed 22-Nov-06 14:16 by builders

System image file is "flash:/pix722.bin"

Config file at boot was "startup-config"

CiscoPix up 9 days 4 hours

Hardware: PIX-525, 128 MB RAM, CPU Pentium III 600 MHz

Flash E28F128J3 @ 0xfff00000, 16MB

BIOS Flash E28F400B5T @ 0xfffd8000, 32KB

0: Ext: Ethernet0 : address is 0004.c161.5536, irq 10

1: Ext: Ethernet1 : address is 0004.c161.5537, irq 11

2: Ext: Ethernet2 : address is 0002.b318.0a83, irq 11

Licensed features for this platform:

Maximum Physical Interfaces : 6

Maximum VLANs : 25

Inside Hosts : Unlimited

Failover : Disabled

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Cut-through Proxy : Enabled

Guards : Enabled

URL Filtering : Enabled

Security Contexts : 0

GTP/GPRS : Disabled

VPN Peers : Unlimited

This platform has a Restricted (R) license.

Serial Number: xxxxxxx

Running Activation Key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Configuration last modified by enable_15 at 20:54:46.084 UTC Wed Feb 14 2007

CiscoPix# conf t

CiscoPix(config)# fixup protocol ftp 21

INFO: converting 'fixup protocol ftp 21' to MPF commands

CiscoPix(config)#

David

Thanks for the response and you are correct there is legacy support for the fixup command but I'm not actually using RTSP for streaming, I'm using ms-streaming(1755). I had opened RTSP but after watching some successful connections from my inside interface I could see that it wasn't needed when connecting from windows media player.

Actions

This Discussion