Firewall Wizards mailing list archives
Cisco FWSM/ASA Question
From: Matthew Watkins <matt () idnet net>
Date: Fri, 27 Jul 2007 13:36:16 +0100
I'm investigating a problem with Windows client computers situated behind a pair of redundant firewall services modules (installed in a Cisco Catalyst 6513 switch). There's a new domain controller on one VLAN, and our Windows/PC clients sit on another. Both networks are routed through the FWSM, and general network connectivity seems fine. The firewall blades are running the latest version of the FWSM/ASA code:

    FWSM Firewall Version 3.1(6)

Basically, my Mac laptop running OS X seems to connect to all parts of the network without problems. It can mount shares, resolve DNS etc... However, the Windows desktop clients seem unable to log on to the domain when booted up behind the firewall.

Initially, I thought the problem might be related to DNS protocol inspection, since we were seeing the log messages below:

    Jul 26 16:55:21 cam-sh-fw1-inside.redstardevelopment.com % FWSM-2-106007: Deny inbound UDP from 172.17.50.3/53 to 172.29.6.2/1026 due to DNS Response

I've subsequently removed DNS inspection from the global default rules, but it hasn't made any difference.

This is a new site which we are in the process of building, so the access-lists for both networks are currently wide open:

    access-list PERMISSIVE extended permit ip any any
    access-group PERMISSIVE in interface inside
    access-group PERMISSIVE in interface office-wired
    access-group PERMISSIVE in interface office-dmz

We've created a stripped-down domain user account, with no DFS shares or home drive mappings, and this user account can successfully log in to the domain. Our servers are all running Win2K3.

Any ideas what the problem might be? I'm not seeing messages in the logs, and I'm a bit confused about the possible cause...

Any ideas gratefully received!

- Matt