Windows Media Server in DMZ

molivas · ‎02-08-2007

Hey All,

I have a PIX 515E 7.2(2) with a Win2003 Server in the DMZ. I can stream traffic without problem's internally but externally it just doesn't work. I have all of the required ports open ( 1755, 554, 80, UDP -1024-5000,...) and there is nothing dropped in the logs but streaming doesn't work. If I move the Media Server out from behind the PIX it works great but behind the PIX it doesn't work. I can get to the web server on the media server but I'm not able to stream. What gives? I'm sure I've forgotten to add some detail's here but I'll be happy to add any info needed. Thanks!

Fernando_Meza · ‎02-08-2007

hi .. I am assuming you have configured a one to one static NAT and that you have allowed incoming traffic on the ports you mentioned on the access-list applied to the outside interface correct ..?

molivas · ‎02-09-2007

Yes, you are correct. I have a one to one static NAT and have allowed incoming traffic on the outside interface for the ports I mentioned. I have also used the Packet Tracer in ASDM and it says the traffic will be accepted for all of the necessary ports from the outside to the DMZ.

jain.nitin · ‎02-11-2007

check the fixup protocol in your configuration for RTSP protocol.

molivas · ‎02-14-2007

I don't believe 7.2(2) uses the fixup command anymore.

daviddtran · ‎02-14-2007

what are you talking about? See below:

CiscoPix# sh ver

Cisco PIX Security Appliance Software Version 7.2(2)

Device Manager Version 5.2(2)

Compiled on Wed 22-Nov-06 14:16 by builders

System image file is "flash:/pix722.bin"

Config file at boot was "startup-config"

CiscoPix up 9 days 4 hours

Hardware: PIX-525, 128 MB RAM, CPU Pentium III 600 MHz

Flash E28F128J3 @ 0xfff00000, 16MB

BIOS Flash E28F400B5T @ 0xfffd8000, 32KB

0: Ext: Ethernet0 : address is 0004.c161.5536, irq 10

1: Ext: Ethernet1 : address is 0004.c161.5537, irq 11

2: Ext: Ethernet2 : address is 0002.b318.0a83, irq 11

Licensed features for this platform:

Maximum Physical Interfaces : 6

Maximum VLANs : 25

Inside Hosts : Unlimited

Failover : Disabled

VPN-DES : Enabled

VPN-3DES-AES : Enabled

Cut-through Proxy : Enabled

Guards : Enabled

URL Filtering : Enabled

Security Contexts : 0

GTP/GPRS : Disabled

VPN Peers : Unlimited

This platform has a Restricted (R) license.

Serial Number: xxxxxxx

Running Activation Key: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Configuration last modified by enable_15 at 20:54:46.084 UTC Wed Feb 14 2007

CiscoPix# conf t

CiscoPix(config)# fixup protocol ftp 21

INFO: converting 'fixup protocol ftp 21' to MPF commands

CiscoPix(config)#

David

molivas · ‎02-14-2007

Thanks for the response and you are correct there is legacy support for the fixup command but I'm not actually using RTSP for streaming, I'm using ms-streaming(1755). I had opened RTSP but after watching some successful connections from my inside interface I could see that it wasn't needed when connecting from windows media player.

molivas · ‎02-14-2007

Okay, I am wrong about not using RTSP. I just checked a streaming connection and it is using RTSP so disregard my last comment. I'll try turning of inspection for RTSP.