cisco4ng wrote:
scenario:
hostA---FWA---Internet---FWB---hostB
FWA is a Cisco PIX version 7.2(1)
FWB is running NGx R61 with HFA_01 running on IPSO 4.1 build 19
hostA is a windows XP Pro. with Service Pack 2 and latest patches
hostB is Windows 2003 Service Pack 1 with latest patches
I have site-to-site VPN between FWA and FWB. VPN is up and running
and everything is allowed through the VPN tunnel.
HostB is a Microsoft AD controller; let's call it nxia. When I try to add hostA to the nxia domain, I see this in the SmartView Tracker:
Number: 1917
Date: 29Oct2006
Time: 9:51:16
Product: SmartDefense
Interface: eth3c0
Origin: 10.209.84.36
Type: Log
Action: Reject
Service: gmsRPC-tcp (135)
Source: 198147010097.nxia.com (192.168.1.97)
Destination: h_10.85.84.27 (10.85.84.27)
Protocol: tcp
Source Port: 1257
Attack Name: DCE-RPC Enforcement Violation
Information: DCE-RPC Interface UID: e3514235-4b06-11d1-ab04-00c04fc2dcd2
Attack Information: UUID is not allowed through the Rule Base
Furthermore, if I add another Microsoft Windows 2003 Enterprise Server, hostC, behind FWA and try to make hostC another AD controller of the nxia domain, it fails with the same error I am getting above.
It seems to me that NGx R61 (even with HFA_01) has issues letting Microsoft AD work properly across the firewall. I've been researching the Check Point knowledge base, and from those SKs it seems that Check Point has fixed this in HFA_04 or NGx R60 or HFA_01 in NGx R61. But it is not working for me. The SKs are sk25562, sk31245 and sk31166. I tried to modify the dcerpc.def file, but those knowledge base articles are for NG AI or NGx R60, not R61. Is anyone running into a similar issue, and how did you fix it? Thanks.
There is a workaround proposed by Microsoft for this issue (the UUIDs on 2003 SP1 are not the same).

http://support.microsoft.com/kb/899148/fr

I never tried this, but I hope this'll work for you.
cisco4ng
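A small defender-side parser for the SmartView Tracker record layout quoted in the report above, added here as example code (it is not Check Point's code nor anything the posters ran): it splits an exported log into records, tolerates the interface UUID being wrapped onto its own line, and lists each DCE-RPC enforcement reject with source, destination and interface UUID so the blocked interface can be compared against the rule base. The sample records are constructed; only the UUID and the field names come from the post.

```python
import re

# Constructed sample in the "Field: value" layout of the SmartView Tracker
# entry quoted above; the UUID is the one from the post, the second (Accept)
# record is invented as a control that must not be flagged.
SAMPLE_LOG = """\
Action: Reject
Service: gmsRPC-tcp (135)
Source: 198147010097.nxia.com (192.168.1.97)
Destination: h_10.85.84.27 (10.85.84.27)
Attack Name: DCE-RPC Enforcement Violation
Information: DCE-RPC Interface UID:
e3514235-4b06-11d1-ab04-00c04fc2dcd2
Attack Information: UUID is not allowed through the Rule Base

Action: Accept
Service: smb (445)
Source: 198147010097.nxia.com (192.168.1.97)
Destination: h_10.85.84.27 (10.85.84.27)
"""
UUID_RE = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.I)
IP_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")  # the "(a.b.c.d)" part of a host field


def parse_records(text):
    """Split an export into records; a line without ':' continues the previous field."""
    records = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        fields, last = {}, None
        for line in chunk.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                last = key.strip()
                fields[last] = value.strip()
            elif last is not None:  # wrapped value, e.g. the UUID on its own line
                fields[last] = (fields[last] + " " + line.strip()).strip()
        records.append(fields)
    return records


def dcerpc_rejects(records):
    """Return (src_ip, dst_ip, interface_uuid) for each DCE-RPC enforcement reject."""
    hits = []
    for r in records:
        if r.get("Action") != "Reject" or r.get("Attack Name") != "DCE-RPC Enforcement Violation":
            continue
        src = IP_RE.search(r.get("Source", ""))
        dst = IP_RE.search(r.get("Destination", ""))
        uuid = UUID_RE.search(r.get("Information", ""))
        # each element is None when the field is missing or unparseable
        hits.append((src and src.group(1), dst and dst.group(1), uuid and uuid.group(0).lower()))
    return hits
```

Feeding a full export to `dcerpc_rejects(parse_records(...))` and counting the resulting tuples shows which interface UUIDs, and between which hosts, the enforcement is dropping.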
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================