Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Sorted my LocalDirector problem, Now I have a Timbuktu problem

Ok, I'm using a DMZ on a pix 515E to go down to a pair of servers running Timbuktu (I'd never heard of it previously either) This little baby uses UDP407 for handshaking then TCP ports 1417 through 1420 for other tasks. On top of that it also runs dynamic UDP and TCP ports. Surprises surprise it isn't working.

I have tried various permutations of ACL. Including permit UDP and permit TCP any just to get it going. A debug UDPproto shows that the application hits the firewall from the trusted ip address specified in the ACL and is directed to the global address in the static command. It then does no more.

I can ping the target server from the PIX. Would the fixup protocol command be a good way to go on this one?

Help would be appreciated.

Steve N.

For those of you who are interested. The loadbalancers I had behind the inside interface needed an:

ACL to permit tcp any host <public_ip> eq www

Static to translate from the public_IPs to the virtual_IPs on the loadbalancer.

The inside interface of the PIX designated as the gateway for the servers.

Horribly straightforward in the end.

1 REPLY
Silver

Re: Sorted my LocalDirector problem, Now I have a Timbuktu probl

Hi,

I would double check the following:Routing. Can you ping the servers from outside the firewall (You will have to allow ICMP traftic for this). Also check the NAT part of your configuration (nat and global) and see if the translations are working OK.

I am not sure what the fixup command does. Can anyone tell what exactly it does and wheater it can help in this case.

84
Views
0
Helpful
1
Replies