Subject: RE: [ActiveDir] Ports
during authentication/logons...
David,
If you really, really want to use the
absolute minimum ports through a firewall, use IPSec tunnel mode.
However, your Network Engineers (or whoever manages your Firewalls) may not
like it. Reason? Likely the same reason that I
Youve likely seen this, but it does
describe ports needed for REPLICATION However, Steve does
talk about the benefits of using IPSec through a firewall
Rick
From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Adner
Sent: Wednesday, August 24, 2005
10:31 PM
:51 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Ports
during authentication/logons...
David,
If you really, really want to use the
absolute minimum ports through a firewall, use IPSec tunnel mode.
However, your Network Engineers (or whoever manages your Firewalls) may not
like
: [ActiveDir] Ports during
authentication/logons...
David,
If you really, really
want to use the absolute minimum ports through a firewall, use IPSec tunnel
mode. However, your Network Engineers (or whoever manages your Firewalls)
may not like it. Reason? Likely the same reason that I got when I
p.m.To:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Ports during
authentication/logons...
I would normally look at the IPSec route, too, but it's not
(as far as I know) supported by MS between domain members and DC's. It's
supposed member-member and DC-DC, but not
members-DC's. At least
, 25 August 2005 4:39 p.m.To:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Ports during
authentication/logons...
Yes, member server to DC using IPSec is not
supported. Well at least it wasn't in Windows 2000:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q254949
Not sure why
