I have one PIX515 with two interfaces. On the inside interface is my Primary Domain Controller (PDC) with Windows 2000 Advanced Server, and on the outside interface are all my users running Windows 2000. I have opened all the necessary ports in the PIX (all the ports for test purposes) but I can't:
1) Share folders between the users with windows 2000.
2) Get folders from the computers in the inside interface (other servers that I have)
3) When I try to connect to SQL I have an error in the authentication that says: "Could not generate SSPI context"
First, I would make sure that I have the statics set up properly. Second, if you are using access-lists or conduits, I would allow everything and see if you can get a connection that way. If you can, you should be able to look at the ports being sent through the PIX (issue the command "sh conn" and you will be able to determine them). Then you can see if your access control is set up properly.
What do your translation statements look like? Your authentications may be failing because you are not returning the proper source/destination information (Kerberos key exchange fails). Can you post your static/conduit/access-list statements and your nat/global statements?
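The "sh conn" step suggested above, as an added example that is not part of the original thread: a short Python parser for saved `show conn` output that lists which inside host, protocol and port each connection used, so the allow-everything test rule can be narrowed afterwards. The sample output, its addresses and the function names are constructed for illustration, and the layout assumed is the PIX 6.x `TCP out <ip>:<port> in <ip>:<port>` form.

```python
import re
from collections import Counter

# Constructed sample in the PIX 6.x "show conn" layout; all addresses are made up.
SAMPLE_SH_CONN = """\
6 in use, 9 most used
TCP out 192.0.2.21:1091 in 10.1.1.10:88 idle 0:00:03 Bytes 2310 flags UIO
UDP out 192.0.2.21:1092 in 10.1.1.10:53 idle 0:00:05 flags D-
TCP out 192.0.2.21:1093 in 10.1.1.10:135 idle 0:00:02 Bytes 980 flags UIO
TCP out 192.0.2.21:1094 in 10.1.1.10:1026 idle 0:00:02 Bytes 4410 flags UIO
TCP out 192.0.2.22:1101 in 10.1.1.10:445 idle 0:00:09 Bytes 15200 flags UIO
TCP out 192.0.2.22:1102 in 10.1.1.20:1433 idle 0:00:01 Bytes 612 flags UIO
"""

# One connection per line: protocol, outside ip:port, inside ip:port.
CONN_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+out\s+[\d.]+:\d+"
    r"\s+in\s+(?P<in_ip>[\d.]+):(?P<in_port>\d+)\s", re.M)

# Well-known ports a Windows 2000 domain member uses toward servers.
KNOWN = {
    ("TCP", 88): "kerberos", ("UDP", 88): "kerberos",
    ("TCP", 53): "dns", ("UDP", 53): "dns",
    ("TCP", 135): "rpc-endpoint-mapper", ("TCP", 139): "netbios-ssn",
    ("TCP", 389): "ldap", ("UDP", 389): "ldap",
    ("TCP", 445): "smb", ("TCP", 1433): "ms-sql",
}

def services_seen(sh_conn_text):
    """Count connections per (inside host, protocol, inside port)."""
    seen = Counter()
    for m in CONN_RE.finditer(sh_conn_text):
        seen[(m["in_ip"], m["proto"], int(m["in_port"]))] += 1
    return seen

def rule_candidates(sh_conn_text):
    """Return sorted (host, proto, port, label) rows to review before writing rules."""
    rows = []
    for host, proto, port in services_seen(sh_conn_text):
        label = KNOWN.get((proto, port))
        if label is None:
            # Heuristic (assumption): an unnamed high port toward a server may be dynamic RPC.
            label = "dynamic-rpc?" if port >= 1024 else "unknown"
        rows.append((host, proto, port, label))
    return sorted(rows)

if __name__ == "__main__":
    for host, proto, port, label in rule_candidates(SAMPLE_SH_CONN):
        print(f"{host:<12} {proto} {port:<5} {label}")
```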
I got the same issue. I am setting up a PIX 520 UR Firewall here at University of Washington and I can log in to the Active Directory Win2K domain, and the login scripts execute and establish the connection to the necessary NETBIOS network shares. I opened the necessary port (or so I think). Conduit rules are included below. Specifically, I am getting a Kerberos error with Event ID 7 stating that the Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was ????????????_ and lookup type 0x100.
Once I log in to the domain and try to use Active Directory for Users and Computers, I get an error message that the RPC Server is not available.
There is a Cisco article on how to set up PIX with Windows NT (not Win2K) and WINS to log in to the domain and connect to network shares. You can find the article at: