One of our clients is using a PIX 525 whith SW 5.32. Now they have requested to enable the MSN Messenger service for their end users. Basically, it was not a problem, we have opened the port 1863 and could establish a connection to an outside user. The only feature which does not work is the direct file transfer between two clients. Is there any further configuration needed in order to enable this feature ? The inside clients use either NAT or PAT. We also have a couple of users for which we defined static translations. None of these configurations allow direct file transfers.
Take a look at your PIX debugging logs to determine which ports its trying to use. Im guessing its a high random UDP port. Youll probably have to open that range and it most likely wont work with your PAT clients. You might try some newer PIX code. Theyre always adding new fixups for such application compatibility.
Microsoft has a few Knowlegebase articles on this topics that could give you the insight you are looking for. You can start with "MSN Messenger Service Cannot Perform File Transfers or Make Voice Connections Through NAT (Q278887)" but I believe you will need to do some more searching as well.
For file transfer, Both incoming and outgoing TCP connections use this range of ports: 6891 to 6900. This allows up to 10 simultaneous file transfers per sender. If you open only Port 6891, users will be able to do only one file transfer at a time.
I hope it would help you.
Zeshan Mansoor Jalali
Network & Systems Engineer-AwalNet-Al-faisaliah Group
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :