Cisco Support Community

Windows Domain issue across PIX

I have a Windows 2k domain situated on a DMZ. On the inside dms I have a Windows 2k workstation. I want to add this workstation to the domain. No actual address translation is being used. I have opened up from the inside interface with an access list UDP 53,135,137,138 and TCP 53,135. The workstation only has DNS, no WINS. DNS lookup works okay. But when we try to add the workstation to the domain it fails, indicating it cannot find the domain. I see this is a commonish issue, but can't find a solution.


Re: Windows Domain issue across PIX

This may not be a problem with PIX; this could be something to do with the Windows 2k workstation that you have on DMZ.


Re: Windows Domain issue across PIX

It sounds like the PIX is blocking some other ports that the W2K workstation needs to join the domain.

Do you have Active Directory? If so, then other ports will have to be opened on the PIX for the communication to take place.

Some places to get started are to check MS Knowledge Base articles 291382, 247811, and 260371.

If you don't feel like trying to figure out which ports your workstation is communicating over, you could always get a sniffer and see what port numbers it's attempting to speak to...

Good luck.
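An added example, not part of the original thread: one way to find the blocked ports from the firewall's own deny log rather than a sniffer, by tallying denied destination ports from the workstation and dropping those the access list in the question already permits. It assumes ACL-deny syslog lines in the 106023 message layout; the log lines, IP addresses and access-group name below are constructed.

```python
import re
from collections import Counter

# Ports the original poster says are already opened from the inside interface.
PERMITTED = {("udp", 53), ("udp", 135), ("udp", 137), ("udp", 138),
             ("tcp", 53), ("tcp", 135)}

# Assumed layout of a PIX ACL-deny syslog line (message 106023).
DENY_RE = re.compile(
    r"%PIX-\d-106023: Deny (?P<proto>tcp|udp) "
    r"src (?P<sif>\w+):(?P<sip>[\d.]+)/(?P<sport>\d+) "
    r"dst (?P<dif>\w+):(?P<dip>[\d.]+)/(?P<dport>\d+)"
)

# Constructed sample log: workstation 10.1.1.20, domain controller 192.168.50.10.
SAMPLE_LOG = """\
Jan 10 09:14:01 pix %PIX-4-106023: Deny tcp src inside:10.1.1.20/1041 dst dmz:192.168.50.10/389 by access-group "inside_in"
Jan 10 09:14:01 pix %PIX-4-106023: Deny udp src inside:10.1.1.20/1042 dst dmz:192.168.50.10/88 by access-group "inside_in"
Jan 10 09:14:04 pix %PIX-4-106023: Deny tcp src inside:10.1.1.20/1043 dst dmz:192.168.50.10/389 by access-group "inside_in"
Jan 10 09:14:05 pix %PIX-4-106023: Deny tcp src inside:10.1.1.20/1044 dst dmz:192.168.50.10/445 by access-group "inside_in"
Jan 10 09:14:06 pix %PIX-4-106023: Deny tcp src inside:10.1.1.31/1050 dst dmz:192.168.50.10/80 by access-group "inside_in"
Jan 10 09:14:07 pix unrelated message that is not an ACL deny (constructed)
"""


def denied_services(log_text, client_ip):
    """Count denied (protocol, destination port) pairs originating from client_ip."""
    hits = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if m and m["sip"] == client_ip:
            hits[(m["proto"], int(m["dport"]))] += 1
    return hits


def missing_rules(log_text, client_ip, permitted=PERMITTED):
    """Denied services not covered by the permitted set, most frequent first."""
    hits = denied_services(log_text, client_ip)
    return [(svc, n) for svc, n in hits.most_common() if svc not in permitted]


if __name__ == "__main__":
    for (proto, port), count in missing_rules(SAMPLE_LOG, "10.1.1.20"):
        print(f"{proto}/{port}: {count} denied attempt(s)")
```

Each port the script reports should be checked against the Knowledge Base articles mentioned above before a permit entry is added, and any new entry scoped to the workstation and domain controller addresses.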
