Did I miss something in that article? I don't see where it says client > DC via IPSec is not supported; just that you can't encrypt Kerberos traffic.
 
Phil

 
On 9/7/05, Tony Murray <[EMAIL PROTECTED]> wrote:
> If you absolutely HAVE to then I would prefer to look at using IPSec for communication between the Sharepoint box and your DCs
 
IPSec would be good, but it isn't supported between member servers and DCs.
 
 
Tony


From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Phil Renouf
Sent: Thursday, 8 September 2005 4:20 a.m.
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Which ports to open in the DMZ to communicate with AD & SQL...

 
I would look at putting the Sharepoint server on the internal network and deploy an ISA server in the DMZ and use Web Publishing or Server Publishing to get your external clients access to the site. If you want to open access from the DMZ to your AD Forest your firewall will be swiss cheese from all the ports that need to be open.
 
If you absolutely HAVE to then I would prefer to look at using IPSec for communication between the Sharepoint box and your DCs. That leaves you only needing the IPSec port open and not the very large number of ports to support AD communication.
 
Phil
 
On 9/7/05, Jason B <[EMAIL PROTECTED] > wrote:
Because this will be a sharepoint server for clients.  Regardless, that
decision has already been made and I don't have any input into it.
Any info on the ports I'd need open?

----- Original Message -----
From: "ASB" <[EMAIL PROTECTED] >
To: < ActiveDir@mail.activedir.org>
Sent: Wednesday, September 07, 2005 8:45 AM
Subject: Re: [ActiveDir] Which ports to open in the DMZ to communicate with AD & SQL...


Why did you decide to put it in the DMZ?

-ASB

On 9/7/05, Jason B < [EMAIL PROTECTED]> wrote:
> We are putting a MS sharepoint server in the DMZ and need to have it on the
> domain and communicating with a SQL server on the domain.  Because of these
> needs, we only want to open the minimum number of ports to get
> functionality.  We have LDAP (389) opened and SQL (1433) opened.  What other
> ports will we need to open to be able to log in on the sharepoint server
> with a domain account?  Currently, with only these two ports opened, a
> domain account can't log on to the sharepoint server in the DMZ.
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/