Cisco Support Community

New Member

MTS not passing through the PIX

I recently moved an IIS web server into my firewall DMZ. One of the websites on it authenticates users against a Microsoft SQL database using Microsoft Transaction Server that is on my internal network. Actually, once it moves into the DMZ it no longer authenticates. But as soon as I move the box to the internal network it runs fine. The IIS server behaves just fine for any other process, HTTP, ping, etc. My access list from the DMZ is allowing all IP traffic, so there is no port manipulation that I am aware of. Any ideas?

Current DMZ access list:

access-list DMZ permit ip any 10.1.0.0 255.255.0.0
access-list DMZ permit icmp any any
access-list DMZ permit ip any 10.2.0.0 255.255.0.0

Thanks

Todd

4 REPLIES
New Member

Re: MTS not passing through the PIX

Have you compared the access-lists from internal and DMZ? Are there any VPNs set up? (Sometimes I think the VPN config will alter what traffic comes through and what doesn't on that interface, it seems.)

What model of firewall do you have? A 515E, or higher?

You may have already thought of most of this, but it doesn't hurt to suggest it in case you haven't. :)

Hope you get it fixed.

New Member

Re: MTS not passing through the PIX

I have no access-list on my internal interface and I am using a 525 running 6.2(2) and no VPN. The vendor who runs this application claims that SOME firewalls don't handle MTS correctly, but I cannot find anything that says the PIX has any such problem.

Thanks for your input.

Todd

New Member

Re: MTS not passing through the PIX

Do you have address translation defined? Even if you don't want the addresses to change from inside to DMZ, you need to define static mappings for those servers.

New Member

Re: MTS not passing through the PIX

Anything else in the DMZ works just fine; it is just this particular communication.

Here are my static statements between the DMZ and the inside interface:

static (inside,DMZ) 10.1.0.0 10.1.0.0 netmask 255.255.0.0 0 0
static (inside,DMZ) 10.2.0.0 10.2.0.0 netmask 255.255.0.0 0 0
