Core issue
Need to allow the following ports through the PIX: TCP 135, TCP 137 and UDP 139
Resolution
Ensure that an access list or conduit is created to allow the following ports through the PIX/ASA firewall.
For example, to allow DMZ users to map Windows drives with machines on the inside (where 10.10.10.0 is the inside network), use the following commands.
static (inside, dmz) 10.10.10.0 10.10.10.0 netmask 255.255.255.0
access-list DMZ permit tcp any 10.10.10.0 255.255.255.0 eq 135
access-list DMZ permit tcp any 10.10.10.0 255.255.255.0 eq 137
access-list DMZ permit udp any 10.10.10.0 255.255.255.0 eq 139
access-group dmz in interface DMZ
For more information about using access lists on the PIX, see Using nat, global, static, conduit, and access-list Commands and Port Redirection on PIX.
PIX Software Version
PIX version 7.x
PIX version 4.x
PIX version 5.x
PIX version 6.x
ASA Software Version
7.0
7.1
7.2