Pix and problems with internal DNS configuration (W2K AD Integrated DNS)

Hiah

I have set up a Pix firewall and believe the problems to be with the internal DNS configuration and not the Pix.

I have been assigned a range of external IP addresses, for the following services:

17 - BT router

18 - External WAN - fixed WAN

19 - SMTP - virtual static mapping

20 - OWA - Virtual static mapping

21 - FTP - virtual static mapping

22 - global address - and resolves on Shields Up

I have configured the firewall with access-lists and also static mappings for those addresses which I call virtual above.

I have 3 servers which provide the following services (all W2K servers)

192.168.1.1 - gateway - pix internal

192.168.1.2 - root domain controller, DNS, Wins

192.168.1.3 - domain controller, Exchange server 2k & OWA

192.168.1.7 - ftp server

There seems to be a problem with the internal Active Directory integrated DNS server configuration; this is what I can or cannot do:

- To get www, I type in the gateway above and have no proxy settings in the Internet options. I have to type in an external DNS server in the local workstation's DNS settings on the NIC. I have set up forwarders on the internal DNS server (in the properties of the server container); I actually typed in a variety of external DNS server IP addresses.

Why can't I leave the primary and secondary DNS IP addresses as the two internal DNS servers? Why do I have to insert an external DNS server IP here?

- I am getting no resolution from external to internal to these:

IP address 19 assigned to SMTP

IP address 20 assigned to OWA

IP address 21 assigned to FTP

- I have opened the firewall to ping in and out

- Telnetting should be allowed also by default.

- Everything I try is not resolved or unreachable.

Does anybody know what needs doing on the W2K internal DNS, or perhaps I should be looking at something else?

I am not very good at DNS, so please explain exactly how to do the configuration...

Please help.

Thanks very much.

3 Replies

lwierenga
Level 1

Hopefully, this will help:

Specifically look at "Troubleshooting the Domain Locator Process"

http://support.microsoft.com/default.aspx?scid=http://support.microsoft.com:80/support/kb/articles/Q247/8/11.ASP&NoWebContent=1

I had a go at all those commands and it was working fine.

I wondered if there is something specific I should be setting up in Internal DNS to make this pix firewall's static mappings work.

anup_bekal
Level 1

Hi

You can have a static mapping for your primary Domain Controller as follows in your PIX Firewall:

static (inside,outside) interface 192.168.1.2 netmask 255.255.255.255 0 0

Also an access list as follows:

access-list outside_access_in permit udp any host 192.168.1.2 eq domain

Then enable Forwarders in the DNS of your Primary Domain Controller with the DNS Server IP Addresses of your ISP.

Configure your internal workstations with the DNS pointing to your PDC.

Try this. Best of luck.

Please let me know if this works or not.

Regards

Anoop K Narayanan

NICBM Kuwait
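An offline sanity check for the static/access-list pairing the thread is about, added here as an example and not code from either poster. It parses a constructed PIX 6.x-style fragment (203.0.113.x documentation addresses stand in for the poster's truncated external range) and flags outside ACL entries that name an inside address, or a global address with no static, since on PIX 6.x (and ASA before 8.3) an inbound ACL on the outside interface is matched against the translated global address, which is a common reason a service looks "unreachable from outside" while each line looks right on its own.

```python
import re

# Constructed PIX 6.x-style fragment modelled on the thread. RFC 5737
# documentation addresses (203.0.113.x) stand in for the poster's external range.
SAMPLE_CONFIG = """\
static (inside,outside) 203.0.113.19 192.168.1.3 netmask 255.255.255.255 0 0
static (inside,outside) 203.0.113.21 192.168.1.7 netmask 255.255.255.255 0 0
access-list outside_access_in permit tcp any host 203.0.113.19 eq smtp
access-list outside_access_in permit tcp any host 203.0.113.20 eq www
access-list outside_access_in permit tcp any host 192.168.1.7 eq ftp
access-group outside_access_in in interface outside
"""

STATIC_RE = re.compile(r"^static \((\w+),(\w+)\) (\S+) (\S+) netmask")
ACL_RE = re.compile(r"^access-list (\S+) permit (\S+) (\S+) host (\S+) eq (\S+)")


def parse_statics(config):
    """Return {global_addr: local_addr} for every one-to-one static in the config."""
    statics = {}
    for line in config.splitlines():
        m = STATIC_RE.match(line)
        if m:
            statics[m.group(3)] = m.group(4)
    return statics


def audit_outside_acl(config, acl_name="outside_access_in"):
    """Return (dst, port, problem) for entries of acl_name that can never match.

    An inbound ACL on the outside interface is checked against the translated
    (global) destination, so an entry naming the inside address, or a global
    address that no static maps, silently drops the traffic.
    """
    statics = parse_statics(config)
    global_for_local = {local: glob for glob, local in statics.items()}
    findings = []
    for line in config.splitlines():
        m = ACL_RE.match(line)
        if not m or m.group(1) != acl_name:
            continue
        dst, port = m.group(4), m.group(5)
        if dst in global_for_local:
            findings.append((dst, port, f"inside address; use global {global_for_local[dst]}"))
        elif dst not in statics:
            findings.append((dst, port, "no static maps this global address"))
    return findings


if __name__ == "__main__":
    for dst, port, problem in audit_outside_acl(SAMPLE_CONFIG):
        print(f"{dst} {port}: {problem}")
```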
