WIN2K/NT Share Access Traffic Across Different Interface
We have a PIX 525 Firewall. Both inbound and outbound traffic works fine for Web access for users on all 4 interfaces. I have the following questions:
1. How do I configure the PIX for users on a higher security interface to access a WIN2K/NT share on a lower security interface? Same question from a lower security interface to a higher security interface?
2. How do I configure the PIX so that different NT domains on different interfaces trust each other (from the high security to the low security interface and from the low security to the high security interface)? Same question for a user mapping a drive letter to a server on a different interface.
Re: WIN2K/NT Share Access Traffic Across Different Interface
Thank you very much Nairi. The above link is very helpful and is the one that I am looking for. But I need more help from you to make it work. Below are my questions:
1. We have 4 interfaces. Users and workstations on the Inside interface (higher security) are on NT Domain A and need to map a drive letter (and access a shared folder) on a server in Domain B, which is on the Intf2 interface (lower security). How do I configure the PIX to establish a two-way trust between Domain A and B on the Inside and Intf2 interfaces? I have the following config for users at Intf2 to access Inside. IP 192.168.3.109 on the Inside interface is the Domain Controller with WINS and DNS installed.
access-list acl_intf2 permit udp any host 192.168.2.205 eq 137
access-list acl_intf2 permit udp any host 192.168.2.205 eq 138
access-list acl_intf2 permit tcp any host 192.168.2.205 eq 139
access-list acl_intf2 permit udp any host 192.168.2.205 eq 53
access-list acl_intf2 permit tcp any host 192.168.2.205 eq 53
access-group acl_intf2 in interface intf2
The following config is for users and workstations at Inside to access Intf2:
nat (inside) 1 0 0
global (intf2) 1 192.168.2.210-192.168.2.250 netmask 255.255.255.0
global (intf2) 1 192.168.2.251 netmask 255.255.255.0
The test result is that users at Inside cannot map a drive letter (and access a shared folder) on the server on Intf2. Same problem from Intf2 to Inside. But we have a configuration on the PIX for users at Inside & Outside to access the Web server on Intf2. This is working fine.
2. Do you need to open the Netlogon port UDP 138, the NetBIOS port UDP 137 and the Shared Folder port TCP 139 for traffic from the Inside interface to the Intf2 interface? If yes, how do I do it? To my knowledge, all ports and all traffic are wide open from a higher security interface to a lower security interface. All you need is the NAT & Global command. Am I right?
I would much appreciate it if you could help me find the answer.
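An added example, not taken from the thread or from Cisco's documentation, of how the two directions are normally laid out on a PIX running 6.x software. The lower-to-higher direction (Intf2 to Inside) needs a static translation that exposes the Inside domain controller on Intf2 and an access list applied inbound on Intf2; the higher-to-lower direction (Inside to Intf2) needs only the nat/global pair unless an access-group has been applied on Inside. The addresses 192.168.2.205 and 192.168.3.109 and the interface names come from the post; the Domain B server address 192.168.2.50 is an assumed value, and the ports beyond 137/138/139/53 are the ones Windows NT/2000 domain trusts and direct-hosted SMB use in general, not something the post states.

```text
! Added example, PIX 6.x syntax. 192.168.2.205 and 192.168.3.109 are from the post;
! 192.168.2.50 (the Domain B server on Intf2) is an assumed address.

! ----- Lower security (intf2) to higher security (inside) -----
! A fixed translation makes the Inside DC 192.168.3.109 reachable from intf2 as
! 192.168.2.205. Without a static, connections initiated from the lower-security
! side have no translation to match and are dropped before the ACL is consulted.
static (inside,intf2) 192.168.2.205 192.168.3.109 netmask 255.255.255.255 0 0

! Permit only the Domain B server as the source, not "any", and only the ports
! the service needs. TCP 445 is direct-hosted SMB on Windows 2000, TCP 139 is SMB
! over NetBIOS session, UDP 137/138 are NetBIOS name service and datagram (Netlogon).
access-list acl_intf2 permit tcp host 192.168.2.50 host 192.168.2.205 eq 445
access-list acl_intf2 permit tcp host 192.168.2.50 host 192.168.2.205 eq 139
access-list acl_intf2 permit udp host 192.168.2.50 host 192.168.2.205 eq 137
access-list acl_intf2 permit udp host 192.168.2.50 host 192.168.2.205 eq 138
! Name resolution against the DC (DNS on 53; WINS queries use UDP 137 above).
access-list acl_intf2 permit udp host 192.168.2.50 host 192.168.2.205 eq 53
access-list acl_intf2 permit tcp host 192.168.2.50 host 192.168.2.205 eq 53
! A domain trust additionally uses RPC: the endpoint mapper on TCP 135 plus
! dynamic high ports; Windows 2000 trusts also use Kerberos (88) and LDAP (389).
access-list acl_intf2 permit tcp host 192.168.2.50 host 192.168.2.205 eq 135
access-list acl_intf2 permit tcp host 192.168.2.50 host 192.168.2.205 eq 389
access-list acl_intf2 permit tcp host 192.168.2.50 host 192.168.2.205 eq 88
access-list acl_intf2 permit udp host 192.168.2.50 host 192.168.2.205 eq 88
! Dynamic RPC ports: the default range is wide, so narrow it on the server side
! before permitting it here (assumed range shown; see the note below).
access-list acl_intf2 permit tcp host 192.168.2.50 host 192.168.2.205 range 5000 5020
access-group acl_intf2 in interface intf2

! ----- Higher security (inside) to lower security (intf2) -----
! With no access-group on inside, the nat/global pair is sufficient: Inside hosts
! can initiate to intf2 and the stateful connection table admits the replies.
! SMB does not embed IP addresses in its payload, so PAT on 192.168.2.251 is fine.
nat (inside) 1 0 0
global (intf2) 1 192.168.2.210-192.168.2.250 netmask 255.255.255.0
global (intf2) 1 192.168.2.251 netmask 255.255.255.0

! ----- Verification from the PIX console -----
! Expect the static entry inside 192.168.3.109 <-> intf2 192.168.2.205:
show xlate
! After "net use" from 192.168.2.50, expect a TCP connection on 445 or 139:
show conn
! Hit counts should increase on the permitted lines rather than on an implicit deny:
show access-list acl_intf2
```

Two points worth checking against this layout. First, the original access list in the post permits the ports but the post shows no static for 192.168.2.205; if that static is missing, the Intf2-to-Inside direction fails regardless of the ACL, and "show xlate" will make that obvious. Second, the posted ACL uses "any" as the source, so every host on Intf2 can reach the domain controller's NetBIOS and RPC ports; restricting the source to the one server that needs the trust, and narrowing the RPC dynamic range on the Windows side (Microsoft documents this under the Rpc\Internet registry key) before permitting it, keeps the exposure of the DC from the lower-security segment to a minimum. The 5000-5020 range above is only an assumed value for that narrowed range.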