Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
2277
Views
0
Helpful
0
Comments

Cannot map Windows shares through the PIX/ASA

TCC_2
Level 10
Level 10

‎06-18-2009 04:03 PM - edited ‎03-08-2019 06:07 PM

Core issue

Need to allow the following ports through the PIX: TCP 135, TCP 137 and UDP 139

Resolution

Ensure that an access list or conduit is created to allow the following ports through the PIX/ASA firewall.

  • TCP 135
  • TCP 137
  • UDP 139

For example, to allow DMZ users to map Windows drives with machines on the inside (where 10.10.10.0 is the inside network), use the following commands.

static (inside, dmz) 10.10.10.0 10.10.10.0 netmask 255.255.255.0
access-list DMZ permit tcp any 10.10.10.0 255.255.255.0 eq 135
access-list DMZ permit tcp any 10.10.10.0 255.255.255.0 eq 137
access-list DMZ permit udp any 10.10.10.0 255.255.255.0 eq 139
access-group dmz in interface DMZ

For more information about using access lists on the PIX, see Using nat, global, static, conduit, and access-list Commands and Port Redirection on PIX.

PIX Software Version

PIX version 7.x

PIX version 4.x

PIX version 5.x

PIX version 6.x

ASA Software Version

7.0

7.1

7.2

Labels:
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents