I’m working on setting up a site-to-site VPN using Cisco PIX 525s. I need to test Active Directory replication over the VPN as we will have domain controllers on each of the two sites connected via VPN.
I’ve been reading various articles on either setting the PIXes up for “wide open” communication between the DCs or for manually allowing each port needed for AD/DNS replication.
Has anyone got suggestions as to the best way to proceed? Thanks in advance group!
Take a look at this document: http://www.microsoft.com/serviceproviders/columns/config_ipsec_P63623.asp
The approach with the fewest problems will be to set up IPsec tunnels between these two sites and allow all communication. If you want to add additional network control, allow only specific ports.
-- Tomasz Onyszko [MVP] [EMAIL PROTECTED] http://www.w2k.pl
