Re: re: OT: PIX, Router VPN vs PC VPN

From: David (david_knot@xxxxxxxxx)
Date: Thu May 23 2002 - 07:16:52 GMT-3


   
It was a name resolution issue. Used an lmhosts file, all is
ok

Thanks all for the help

--- p729@cox.net wrote:
> It might be caused by a host or NetBIOS (can't
> remember what Exchange uses) name resolution
> problem. Are all of the resources (users' message
> store/inbox, public and private folders) on one
> machine reachable by the same name?
>
> Try populating the hosts and lmhosts files on the
> client with the name(s) and IP address(es) of the
> relevant hosts as an experiment and see if that
> helps. Remember to reboot the client or at least
> reload the NetBIOS name cache (nbtstat -R) before
> testing.
>
> Regards,
>
> Mas Kato
> https://ecardfile.com/id/mkato
>
============================================================
> From: David <david_knot@yahoo.com>
> Date: 2002/05/22 Wed AM 10:01:30 EDT
> To: ccielab@groupstudy.com
> Subject: re: OT: PIX, Router VPN vs PC VPN
>
> As per discussion below, I've got PIX --> PC VPN
> working all fine, except for Exchange email. When
> clicking on the user folder in Outlook it reports
> "folder can't be displayed"
>
> here is the config, if you have any ideas
>
> fw# wr t
> Building configuration...
> : Saved
> :
> PIX Version 6.0(2)
> nameif ethernet0 outside security0
> nameif ethernet1 inside security100
> nameif ethernet2 intf2 security10
> nameif ethernet3 intf3 security15
> nameif ethernet4 intf4 security20
> nameif ethernet5 intf5 security25
> hostname fw
> domain-name dott.com
> fixup protocol ftp 21
> fixup protocol http 80
> fixup protocol h323 1720
> fixup protocol rsh 514
> fixup protocol smtp 25
> fixup protocol sqlnet 1521
> fixup protocol sip 5060
> fixup protocol skinny 2000
> fixup protocol rtsp 554
> names
> access-list 100 permit icmp any any echo
> access-list 100 permit icmp any any echo-reply
> access-list 100 permit icmp any any time-exceeded
> access-list 100 permit icmp any any unreachable
> access-list 100 permit tcp any host 198.22.129.147 eq smtp
> access-list 100 permit tcp any host 198.22.129.147 eq www
> access-list 100 permit tcp any host 198.22.129.148 eq telnet
> access-list 100 permit tcp any host 198.22.129.148 gt 2000
> access-list 101 permit ip 172.16.0.0 255.255.0.0 172.17.0.0 255.255.0.0
> pager lines 24
> logging on
> logging buffered errors
> logging trap notifications
> logging history notifications
> interface ethernet0 10baset
> interface ethernet1 10baset
> interface ethernet2 auto shutdown
> interface ethernet3 auto shutdown
> interface ethernet4 auto shutdown
> interface ethernet5 auto shutdown
> mtu outside 1500
> mtu inside 1500
> mtu intf2 1500
> mtu intf3 1500
> mtu intf4 1500
> mtu intf5 1500
> ip address outside 198.22.129.146 255.255.255.240
> ip address inside 172.16.6.100 255.255.0.0
> ip address intf2 127.0.0.1 255.255.255.255
> ip address intf3 127.0.0.1 255.255.255.255
> ip address intf4 127.0.0.1 255.255.255.255
> ip address intf5 127.0.0.1 255.255.255.255
> ip audit info action alarm
> ip audit attack action alarm
> ip local pool ippool 172.17.255.0-172.17.255.254
> no failover
> failover timeout 0:00:00
> failover poll 15
> failover ip address outside 0.0.0.0
> failover ip address inside 0.0.0.0
> failover ip address intf2 0.0.0.0
> failover ip address intf3 0.0.0.0
> failover ip address intf4 0.0.0.0
> failover ip address intf5 0.0.0.0
> pdm history enable
> arp timeout 14400
> global (outside) 1 198.22.129.158
> nat (inside) 0 access-list 101
> nat (inside) 1 0.0.0.0 0.0.0.0 0 0
> static (inside,outside) 198.22.129.148 172.16.255.148 netmask 255.255.255.255 0 0
> static (inside,outside) 198.22.129.147 172.16.6.21 netmask 255.255.255.255 0 0
> static (inside,outside) 198.22.129.155 172.16.255.155 netmask 255.255.255.255 0 0
> access-group 100 in interface outside
> route outside 0.0.0.0 0.0.0.0 198.22.129.145 1
> timeout xlate 3:00:00
> timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00
> timeout uauth 0:05:00 absolute
> aaa-server TACACS+ protocol tacacs+
> aaa-server RADIUS protocol radius
> no snmp-server location
> no snmp-server contact
> snmp-server community public
> no snmp-server enable traps
> floodguard enable
> sysopt connection permit-ipsec
> no sysopt route dnat
> crypto ipsec transform-set myset esp-des esp-md5-hmac
> crypto dynamic-map dynmap 10 set transform-set myset
> crypto map mymap 10 ipsec-isakmp dynamic dynmap
> crypto map mymap interface outside
> isakmp enable outside
> isakmp identity address
> isakmp policy 10 authentication pre-share
> isakmp policy 10 encryption des
> isakmp policy 10 hash md5
> isakmp policy 10 group 2
> isakmp policy 10 lifetime 86400
> vpngroup vpn3000 address-pool ippool
> vpngroup vpn3000 dns-server 172.16.6.20
> vpngroup vpn3000 wins-server 172.16.6.20
> vpngroup vpn3000 default-domain dott.com
> vpngroup vpn3000 split-tunnel 101
> vpngroup vpn3000 idle-time 1800
> vpngroup vpn3000 password ???????
> telnet 172.16.0.0 255.255.0.0 inside
> telnet timeout 5
> ssh timeout 5
> terminal width 80
> : end
>
>
> --------------------
>
>
> -----Original Message-----
> From: nobody@groupstudy.com
> [mailto:nobody@groupstudy.com]On Behalf Of
> David
> Sent: 14 May 2002 10:35
> To: ccielab@groupstudy.com
> Subject: OT: PIX, Router VPN vs PC VPN
>
>
> Guys
> Need some input on this.
>
> Office ADSL to Internet. 1750 with ADSL interface
> connects to ISP. PIX 520 used.
>
> Employees have ADSL at home to Internet with 1750 ADSL
> router interface.
>
> The question: to grant access to employees (from their
> homes) to office LAN,
>
> Should we have 1750 <-> PIX VPN
> or user home PC <-> PIX VPN ?
>
> Some employees do not have ADSL, so have to use PC <->
> PIX VPN.
>
> Where can I find step by step procedure for both of
> the above scenarios?
>
>
>
=== message truncated ===
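
Added example, not part of the original thread or written by its participants: a check that the DNS/WINS server pushed to the VPN client and the client address pool both fall inside the split-tunnel ACL, using lines from the configuration quoted above. With split tunnelling only traffic matching that ACL is tunnelled, so a name server outside it is unreachable from the client; the function and variable names here are assumptions made for the example.

```python
import ipaddress

# Lines taken from the configuration quoted in the thread, with the
# e-mail line wraps rejoined. Only "permit ip <net> <mask> <net> <mask>"
# ACL entries are handled; "any"/"host" forms are ignored.
PIX_CONFIG = """\
access-list 101 permit ip 172.16.0.0 255.255.0.0 172.17.0.0 255.255.0.0
ip local pool ippool 172.17.255.0-172.17.255.254
nat (inside) 0 access-list 101
vpngroup vpn3000 address-pool ippool
vpngroup vpn3000 dns-server 172.16.6.20
vpngroup vpn3000 wins-server 172.16.6.20
vpngroup vpn3000 split-tunnel 101
"""


def parse(config):
    """Collect ACL entries, local pools and vpngroup settings by name."""
    acls, pools, groups = {}, {}, {}
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["access-list"] and w[2:4] == ["permit", "ip"] and len(w) == 8:
            src = ipaddress.ip_network(f"{w[4]}/{w[5]}")   # inside network
            dst = ipaddress.ip_network(f"{w[6]}/{w[7]}")   # VPN client network
            acls.setdefault(w[1], []).append((src, dst))
        elif w[:3] == ["ip", "local", "pool"] and len(w) == 5:
            first, last = w[4].split("-")
            pools[w[3]] = (ipaddress.ip_address(first), ipaddress.ip_address(last))
        elif w[:1] == ["vpngroup"] and len(w) == 4:
            groups.setdefault(w[1], {})[w[2]] = w[3]
    return acls, pools, groups


def check_group(config, group):
    """Return findings for one vpngroup; an empty list means consistent."""
    acls, pools, groups = parse(config)
    g = groups[group]
    if "split-tunnel" not in g:  # no split tunnel: all client traffic is tunnelled
        return []
    entries = acls.get(g["split-tunnel"], [])
    findings = []
    for key in ("dns-server", "wins-server"):
        if key in g and not any(ipaddress.ip_address(g[key]) in src for src, _ in entries):
            findings.append(f"{key} {g[key]} is outside split-tunnel ACL {g['split-tunnel']}")
    pool = pools.get(g.get("address-pool"))
    if pool and not any(pool[0] in dst and pool[1] in dst for _, dst in entries):
        findings.append(f"pool {g['address-pool']} is not a destination in the ACL")
    return findings


if __name__ == "__main__":
    print(check_group(PIX_CONFIG, "vpn3000") or "name servers and pool are inside the tunnel")
```

For the posted configuration the check returns no findings, which is consistent with the fix in the thread being made on the client (the lmhosts file) rather than on the PIX.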



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:59:05 GMT-3