Hi-- Find attached the config.

Note when I remove access-list 101 deny tcp any any eq 135, I can access find. Is there a way to make it work without removing the tcp eq 135?

Thanks

tcp 135 is netbios (WINS).

From the VPN client can you ping by hostname?

Do you have a WINS server?

Can you try your outlook with ip address of the exchng server?

Look at this kb from MS

http://support.microsoft.com/kb/q150543/

It tells you all the ports used by NT, WIN2Kx

-Vikas

Hi Vicas, I can ping the hostname.

When I open the TCP port 135, Ms outlook works fine. The problem is that I can permit TCP 135.

One of the options will be to allow outlook client to connect through a different port to the exchange.

I was wondering if there was no other option.

Thanks

Hello,

How have you configured the exchange server in outlook is a hostname like 'example' or 'example.com'.

If you have a domain name 'example.com' you should have a DNS resolver configured. and you should be pinging 'example.com' rather example.

If you have a DNS you should not face any problems.

Vikas

Hi Viskas,

Thanks, we have a DNS server which is resolving perfectly; I don't have any issue about name resolution (100%) fine.

The issue is that outlook needs to use the TCP port 135 to initiate the communication with the exchange server. That is the reason why when we allow TCP on port 135 we don't have the problem. But port 135 is use for DoS. So I’m looking for another option that will not expose us to DoS.

Thanks