Hi,

Best way would be to set up a site-to-site VPN and allow only the required AD traffic to pass through. In case you need to use some service that runs RPC with a random service port (>1024), use the registry key for the specific service port to use just one port, instead of a random port in the high range, and allow that one to pass through on the PIXs. Don't 'Swiss cheese' your firewalls, even if you are using a VPN. So:

- Make a list of the required services (FRS, DNS, LDAP, etc.) and their ports
- Set up the VPN
- Open up the ports in- and outbound on both VPN endpoints

Basically, that should be enough to get things running securely. Hope that helps.

Regards,
Paul.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Lou Vega

I'm working on setting up a site-to-site VPN using Cisco PIX 525s. I need to test Active Directory replication over the VPN as we will have domain controllers on each of the two sites connected via VPN. I've been reading various articles on either setting the PIXs up for "wide open" communication between the DCs or for manually allowing each port needed for AD/DNS replication. Has anyone got suggestions as to the best way to proceed?
Thanks in advance group!
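The registry step Paul describes (pinning each RPC-based service to one fixed port so the PIXs do not have to pass the whole high range), written out as an added example that is not part of the thread. The registry paths and value names are the documented ones for NTDS, FRS and Netlogon; the port numbers 50000-50002 are assumed values chosen for illustration, and the script must run elevated on each DC.

```powershell
# Added example (not from the thread): pin the RPC endpoints that AD replication
# (NTDS), FRS and Netlogon would otherwise pick from the dynamic >1024 range, so
# the firewall allow-list between the DCs is a few known ports, not a wide-open range.
# Port numbers are ASSUMED for illustration; choose free ports above 1024 for your
# site. The services read the value at start-up, so restart them (NTDS needs a
# reboot) before checking the listeners.

$StaticPorts = @(
    @{ Service = 'NTDS';     Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters';     Name = 'TCP/IP Port';                Port = 50000 }
    @{ Service = 'NTFRS';    Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters';    Name = 'RPC TCP/IP Port Assignment'; Port = 50001 }
    @{ Service = 'Netlogon'; Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'; Name = 'DCTcpipPort';                Port = 50002 }
)

function Set-StaticRpcPort {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path, [string]$Name, [int]$Port)

    # Refuse ports that are not in the usable high range or paths that do not exist (not a DC?)
    if ($Port -le 1024 -or $Port -gt 65535) { throw "Port $Port is outside the usable high range" }
    if (-not (Test-Path $Path)) { throw "Registry path $Path not found; is this machine a DC?" }

    $current = (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    if ($current -eq $Port) { Write-Host "$Name already pinned to $Port"; return }

    # -WhatIf shows the change without writing it
    if ($PSCmdlet.ShouldProcess("$Path\$Name", "set DWORD to $Port")) {
        New-ItemProperty -Path $Path -Name $Name -PropertyType DWord -Value $Port -Force | Out-Null
    }
}

foreach ($s in $StaticPorts) {
    Set-StaticRpcPort -Path $s.Path -Name $s.Name -Port $s.Port
}

# After the restart, confirm each service really listens on its pinned port rather
# than on a random one, before opening anything on the PIXs.
foreach ($s in $StaticPorts) {
    $listening = netstat -ano | Select-String -Pattern "TCP\s+\S+:$($s.Port)\s+\S+\s+LISTENING"
    if ($listening) { Write-Host "$($s.Service): listening on $($s.Port)" }
    else            { Write-Warning "$($s.Service): nothing listening on $($s.Port) yet (service restarted?)" }
}

# The RPC endpoint mapper (135) plus the pinned ports replace the dynamic range in
# the allow-list; the non-RPC services from the list (DNS, LDAP, Kerberos, ...) are added separately.
$allow = @(135) + ($StaticPorts | ForEach-Object { $_.Port })
Write-Host "RPC-related TCP ports to permit between the DCs: $($allow -join ', ')"
```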
