RE: OT: PIX, Router VPN vs PC VPN

From: David (david_knot@xxxxxxxxx)
Date: Wed May 22 2002 - 12:39:41 GMT-3


see answers below:

--- "Church, Chuck" <cchurch@USTA.com> wrote:
> David,
>
> Have you troubleshot all the layers of the problem?
> Can you ping the mail server from the client by address?

>>>> Yes

> By name?

>>>> yes

> Can you map a drive, to see if netbios and MS name resolution is working?

>>>> Yes

> Are you able to login to the domain?

>>>> Yes

> Right when you click on that folder to bring it up, run a 'netstat' in a DOS
> window. That tells you what your machine is trying to access.

>>>> Will do

> Also, you're using an all ones subnet 172.17.255.x for the pool. Does NT have
> any issues with that?

>>>> Don't know, will change it

> Chuck Church
> Sr. Network Engineer
> CCIE #8776, MCNE, MCSE
> US Tennis Association
> 70 W. Red Oak Lane
> White Plains, NY 10604
> 914-696-7199
>
>
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com]On Behalf Of
> David
> Sent: Wednesday, May 22, 2002 10:02 AM
> To: ccielab@groupstudy.com
> Subject: re: OT: PIX, Router VPN vs PC VPN
>
>
> As per discussion below, I've got PIX --> PC VPN
> working all fine, except for Exchange email. When
> clicking on the user folder in Outlook it reports
> "folder can't be displayed"
>
> here is the config, if you have any ideas
>
> fw# wr t
> Building configuration...
> : Saved
> :
> PIX Version 6.0(2)
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> nameif ethernet2 intf2 security10
> nameif ethernet3 intf3 security15
> nameif ethernet4 intf4 security20
> nameif ethernet5 intf5 security25
> hostname fw
> domain-name dott.com
> fixup protocol ftp 21
> fixup protocol http 80
> fixup protocol h323 1720
> fixup protocol rsh 514
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> fixup protocol sip 5060
> fixup protocol skinny 2000
> fixup protocol rtsp 554
> names
> access-list 100 permit icmp any any echo
> access-list 100 permit icmp any any echo-reply
> access-list 100 permit icmp any any time-exceeded
> access-list 100 permit icmp any any unreachable
> access-list 100 permit tcp any host 198.22.129.147 eq smtp
> access-list 100 permit tcp any host 198.22.129.147 eq www
> access-list 100 permit tcp any host 198.22.129.148 eq telnet
> access-list 100 permit tcp any host 198.22.129.148 gt 2000
>
> access-list 101 permit ip 172.16.0.0 255.255.0.0 172.17.0.0 255.255.0.0
> pager lines 24
> logging on
> logging buffered errors
> logging trap notifications
> logging history notifications
> interface ethernet0 10baset
> interface ethernet1 10baset
> interface ethernet2 auto shutdown
> interface ethernet3 auto shutdown
> interface ethernet4 auto shutdown
> interface ethernet5 auto shutdown
> mtu outside 1500
> mtu inside 1500
> mtu intf2 1500
> mtu intf3 1500
> mtu intf4 1500
> mtu intf5 1500
> ip address outside 198.22.129.146 255.255.255.240
> ip address inside 172.16.6.100 255.255.0.0
> ip address intf2 127.0.0.1 255.255.255.255
> ip address intf3 127.0.0.1 255.255.255.255
> ip address intf4 127.0.0.1 255.255.255.255
> ip address intf5 127.0.0.1 255.255.255.255
> ip audit info action alarm
> ip audit attack action alarm
> ip local pool ippool 172.17.255.0-172.17.255.254
> no failover
> failover timeout 0:00:00
> failover poll 15
> failover ip address outside 0.0.0.0
> failover ip address inside 0.0.0.0
> failover ip address intf2 0.0.0.0
> failover ip address intf3 0.0.0.0
> failover ip address intf4 0.0.0.0
> failover ip address intf5 0.0.0.0
> pdm history enable
> arp timeout 14400
> global (outside) 1 198.22.129.158
> nat (inside) 0 access-list 101
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> static (inside,outside) 198.22.129.148 172.16.255.148 netmask 255.255.255.255 0 0
>
> static (inside,outside) 198.22.129.147 172.16.6.21 netmask 255.255.255.255 0 0
> static (inside,outside) 198.22.129.155 172.16.255.155 netmask 255.255.255.255 0 0
>
> access-group 100 in interface outside
> route outside 0.0.0.0 0.0.0.0 198.22.129.145 1
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+
> aaa-server RADIUS protocol radius
> no snmp-server location
> no snmp-server contact
> snmp-server community public
> no snmp-server enable traps
> floodguard enable
> sysopt connection permit-ipsec
> no sysopt route dnat
> crypto ipsec transform-set myset esp-des esp-md5-hmac
> crypto dynamic-map dynmap 10 set transform-set myset
> crypto map mymap 10 ipsec-isakmp dynamic dynmap
> crypto map mymap interface outside
> isakmp enable outside
> isakmp identity address
> isakmp policy 10 authentication pre-share
> isakmp policy 10 encryption des
> isakmp policy 10 hash md5
> isakmp policy 10 group 2
> isakmp policy 10 lifetime 86400
> vpngroup vpn3000 address-pool ippool
> vpngroup vpn3000 dns-server 172.16.6.20
> vpngroup vpn3000 wins-server 172.16.6.20
> vpngroup vpn3000 default-domain dott.com
> vpngroup vpn3000 split-tunnel 101
> vpngroup vpn3000 idle-time 1800
> vpngroup vpn3000 password ???????
> telnet 172.16.0.0 255.255.0.0 inside
> telnet timeout 5
> ssh timeout 5
> terminal width 80
> : end
>
>
> --------------------
>
>
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com]On Behalf Of
> David
> Sent: 14 May 2002 10:35
> To: ccielab@groupstudy.com
> Subject: OT: PIX, Router VPN vs PC VPN
>
>
> Guys
> Need some input on this.
>
> Office ADSL to Internet. 1750 with ADSL interface
> connects to ISP. PIX 520 used.
>
> Employees have ADSL at home to Internet with 1750
> ADSL router interface.
>
> The question= to grant access to employees (from
> their homes) to office LAN,
>
>
=== message truncated ===
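A way to make the netstat step from the thread mechanical (an added example, not code from either poster): parse Windows `netstat -n` output, flag TCP attempts stuck in SYN_SENT, and note whether the address pair falls inside what access-list 101 in the posted config covers (pool 172.17.0.0/16 to LAN 172.16.0.0/16), so you know whether the PIX tunnel should have carried the attempt. The netstat sample is constructed.

```python
import ipaddress
import re

# From the posted PIX config: access-list 101 (used for nat 0 and split-tunnel)
# permits 172.16.0.0/16 <-> 172.17.0.0/16, so only those pairs ride the tunnel.
LAN_NET = ipaddress.ip_network("172.16.0.0/16")
POOL_NET = ipaddress.ip_network("172.17.0.0/16")

# Constructed sample of Windows 'netstat -n' output (not from the original post).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    172.17.255.3:1045      172.16.6.20:139        ESTABLISHED
  TCP    172.17.255.3:1052      172.16.6.21:135        ESTABLISHED
  TCP    172.17.255.3:1053      172.16.6.21:1234       SYN_SENT
  TCP    172.17.255.3:1060      198.22.129.147:25      SYN_SENT
  UDP    172.17.255.3:137       *:*
"""

LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s*(\S*)\s*$")

def parse_netstat(text):
    """Return (proto, local_ip, local_port, remote_ip, remote_port, state) tuples."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(3).startswith("*"):  # skip headers and unbound UDP sockets
            continue
        proto, local, remote, state = m.groups()
        lip, lport = local.rsplit(":", 1)
        rip, rport = remote.rsplit(":", 1)
        rows.append((proto, lip, int(lport), rip, int(rport), state))
    return rows

def stalled_connections(text):
    """TCP attempts still in SYN_SENT, with whether ACL 101 would put them in the tunnel."""
    out = []
    for proto, lip, lport, rip, rport, state in parse_netstat(text):
        if proto != "TCP" or state != "SYN_SENT":
            continue
        in_tunnel = (ipaddress.ip_address(lip) in POOL_NET
                     and ipaddress.ip_address(rip) in LAN_NET)
        out.append((rip, rport, in_tunnel))
    return out
```

A stalled attempt with `in_tunnel` True points at something the PIX or the server is not passing (the port on the LAN host); one with `in_tunnel` False means the client is not even sending it through the VPN.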



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:59:04 GMT-3