Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Pix configuration help please

We have a Pix 20 (v.6.2(2)). We are trying to configure the pix so that it can pass Windows 2000 authentication (Kerberos) to the inside network from the DMZ. What is the correct and saftest way to do so.

Thanks in advance,

Tou

2 REPLIES
New Member

Re: Pix configuration help please

Tou

You will need to set up a static to be able to pass traffic from a lower security level to a higher security level dmz-->inside

static (inside,dmz) 65.xxx.xxx.xxx 10.x.x.x netmask 255.255.255.255

Then I would set up a access list or set of conduits to allow port 750 and any others that MS would like to use for the authentication proccess.. I would also resict it down even further by adding hosts or machines that can talk to the inside network from the DMZ. Never reall felt comfortable allowing the DMZ to talk to a inside interface...

Hope this helps

If there is a better way I am willing to learn :)

New Member

Re: Pix configuration help please

The static part is working. We just can't pass to the inside (88 and 750 is both open). Any suggestion will be apprecciated.

Thanks,

Tou

96
Views
0
Helpful
2
Replies