WMS with PIX 515 7.1

comp.security.firewalls archive

From: Ben Jitima <bjitima@gmail.com>
Date: Fri Feb 17 2006 - 16:31:35 CET

We recently installed a new Windows 2003 server with IIS, Exchange, and
WMS. It is sitting behind a PIX 515 with the newest Security Appliance
Software 7.1(1) installed.

Our internal network here at our warehouse is 192.168.4.x with the WMS
server at 192.168.4.10. We have a point-to-point VPN set up with each
of our branch offices on a 192.168.(storenumber).x IP scheme. The way
the ACLs are set up, all traffic is permitted between stores regardless
of ports. We are able to view streaming media on the WMS server when
we are connecting from a computer on the 192.168.4.x network. However,
we cannot view it from any of the computers on the other networks.

We disabled MMS and RTSP and enabled HTTP and it worked fine without
any problems. We wanted to make sure the machine was serving up
requests successfully.

We also have a block of five static IP addresses. One of these
addresses is port forwarding through the PIX to the WMS server. I
currently have the following ports enabled for WMS:
TCP 80
TCP 1755
UDP 1755
TCP 554
UDP 554
UDP 5005
UDP 5004
UDP Range 1024-5000
We cannot access the WMS server from the public IP address either.

I have switched out the Cisco PIX with a basic Linksys router and
forwarded ports 554 and 1755 and it works perfectly fine. Through the
PIX we are able to use HTTP, FTP, POP3, SMTP, and several other
protocols without any problems. It just seems to be some type of
conflict between the PIX and the WMS.

The only idea I have left to try is switching the PIX with an older
backup that is running the 6.3 software to see if there is a problem
with 7.1 handling WMS requests.

If anyone has any other ideas, please let me know.
Received on Mon May 1 00:51:07 2006