Can't get to windowsupdate.microsoft.com from inside DMZ
From my inside interface, users have no problem getting Microsoft updates. Not so from within my DMZ. Even though I have the PIX configured to allow the PC in the DMZ to start an outbound connection (i.e. browser can get to web servers on the Internet just fine), the "windowsupdate" page does not work. On a Sniffer, I can see what I assume is ActiveX trying to start return connections on high port numbers, in order to do the "scan for updates". Nevertheless, even though I tried to make it wide open for inbound connections to this particular PC, I still could not get it to work. Can anybody please tell me what I'm missing here?
Re: Can't get to windowsupdate.microsoft.com from inside DMZ
Are you performing ActiveX filtering on the PIX for any interface? Have you tried to put this PC that does not work in the DMZ on the "Inside" network with the same result, or is it able to update accordingly?
What other inbound or outbound filters do you have set up for your Outside Interface, DMZ, and Inside interface?
There is probably just something simple that you haven't caught yet.