Link to home
Start Free TrialLog in
Avatar of Webcc
WebccFlag for United States of America

asked on

Pix configuration to allow outside network access to inside Windows server

Have the following network: (subnet) -------- switch  (Windows Server 2003 & 6 workstations)
                                                |  (inside
                                                |  (outside
                                                | (subnet) -------- switch ---------- Internet router

Right now they are two seperate networks, but have the need to connect 3 users on the subnet to not only connect to the Windows server (same subnet) but the Internet subnet as well.  Additionally, have 1 user on the Internet subnet who needs to get to the Windows server.  This is the owner and does not want to be on the subnet (paranoid).   We have a Pix 501 lying around no $$ to purchase a router.  Placed in between the networks solves the problem, but cannot create access-list for (outside) to access (inside) Windows Server.

static (inside, outside)
access-list 101 permit tcp any host eq 135
access-list 101 permit tcp any host eq 139
access-list 101 permit udp any host eq 137
access-list 101 permit udp any host eq 138
access-group 101 in interface outside

Explanation: = Windows server = Outside user
Avatar of ErnieExpert

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Webcc


Unfortunately, still not working.  Any additional ports that need to be opened?
Avatar of ErnieExpert

how are you trying to access the server.  Are you using UNC?  Try \\ from the client machine.
Avatar of Webcc


Was trying \\
Should I be pointing to the outside side since that should translate to 0.200?
imagine you are hosting a web server.  Users from the outside would have no knowledge or access to your private IPs, they would use the public IP.  Same scenario applies here.