07-05-2009 04:49 PM - edited 03-11-2019 08:51 AM
This is what I have.
access-list INCOMING permit tcp any host 1.2.3.251 eq 3389
access-list INCOMING permit tcp any host 1.2.3.251 eq ldap
access-list INCOMING permit tcp any host 1.2.3.251 eq www
access-list INCOMING permit tcp any host 1.2.3.251 eq https
access-list INCOMING permit tcp any host 1.2.3.251 eq 4125
access-list INCOMING permit tcp any host 1.2.3.251 eq smtp
access-list INCOMING permit tcp any host 1.2.3.251 eq pptp
access-list INCOMING permit gre any host 1.2.3.251
access-group INCOMING in interface outside
static (inside,outside) 1.2.3.251 192.168.1.5 netmask 255.255.255.255 0 0
RDP & such works fine. I'm trying to set up Postini to sync with LDAP, and am getting a connection error:
Exception while attempting to retrieve results
java.lang.RuntimeException: javax.naming.CommunicationException: 1.2.3.251:389 [Root exception is java.net.ConnectException: Connection timed out: connect]
Any ideas why LDAP (389) traffic is not getting to 192.168.1.5?
07-06-2009 01:12 AM
Scott
LDAP uses UDP as well as TCP. Try adding the following and retest -
access-list INCOMING permit udp any host 1.2.3.251 eq 389
Jon
07-07-2009 04:34 PM
Update:
It looks like the ACL was correct. Our Systems guy, after further research, discovered that GC servers may use a different port than DCs. That plus another unforeseen issue with ports.
But either way, my ACL was correct.
07-09-2009 07:32 AM
I would suggest you employ LDAPS as well on 636.
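An added example, not part of this thread or anyone's reply in it: a small checker for the PIX/ASA extended-ACL subset posted above. It parses lines of the form `access-list NAME permit|deny PROTO SRC DST [eq PORT]` (with `any` or `host A.B.C.D` endpoints), applies first-match semantics with the implicit deny at the end, and lists which of the flows an LDAP sync may need are still blocked. The ACL text is a constructed copy of the original poster's lines (1.2.3.251 is their placeholder); the required-flow list combines the thread's points (TCP 389, Jon's UDP 389, the "different port" for Global Catalog servers, which is 3268 and is not stated in the thread, and LDAPS on 636). Port keyword values are the standard Cisco ones.

```python
"""Checker for the Cisco PIX/ASA extended-ACL subset used in this thread.

Parses  access-list NAME permit|deny PROTO SRC DST [eq PORT]
and evaluates flows against it with first-match semantics and an
implicit deny when nothing matches.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Cisco port keywords that appear in the thread, resolved to port numbers.
PORT_KEYWORDS = {"ldap": 389, "www": 80, "https": 443, "smtp": 25,
                 "pptp": 1723, "ldaps": 636}

ACE_RE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    r"(?P<src>any|host\s+\S+)\s+(?P<dst>any|host\s+\S+)(?:\s+eq\s+(?P<port>\S+))?\s*$"
)


@dataclass
class Ace:
    name: str
    action: str
    proto: str
    src: str              # "any" or a host address
    dst: str              # "any" or a host address
    port: Optional[int]   # None when the entry carries no `eq` clause


def resolve_port(token: str) -> int:
    """Turn a numeric port or a Cisco keyword (ldap, www, ...) into an int."""
    if token.isdigit():
        return int(token)
    try:
        return PORT_KEYWORDS[token.lower()]
    except KeyError:
        raise ValueError(f"unknown port keyword: {token}") from None


def parse_acl(lines) -> List[Ace]:
    """Parse access-list lines; other config (access-group, static) is skipped."""
    aces = []
    for line in lines:
        m = ACE_RE.match(line.strip())
        if not m:
            continue
        aces.append(Ace(
            name=m["name"],
            action=m["action"],
            proto=m["proto"].lower(),
            src=m["src"].replace("host", "").strip(),
            dst=m["dst"].replace("host", "").strip(),
            port=resolve_port(m["port"]) if m["port"] else None,
        ))
    return aces


def is_permitted(aces: List[Ace], proto: str, dst_ip: str,
                 dst_port: Optional[int] = None, src_ip: str = "0.0.0.0") -> bool:
    """First matching entry decides; no match means the implicit deny applies."""
    for ace in aces:
        if ace.proto != proto.lower():
            continue
        if ace.src != "any" and ace.src != src_ip:
            continue
        if ace.dst != "any" and ace.dst != dst_ip:
            continue
        if ace.port is not None and ace.port != dst_port:
            continue
        return ace.action == "permit"
    return False


def missing_flows(aces: List[Ace], dst_ip: str,
                  required: List[Tuple[str, Optional[int]]]) -> List[Tuple[str, Optional[int]]]:
    """Return the (proto, port) flows from `required` that the ACL does not permit."""
    return [(p, port) for p, port in required if not is_permitted(aces, p, dst_ip, port)]


# Constructed copy of the original poster's ACL (1.2.3.251 is their placeholder).
ORIGINAL_ACL = """
access-list INCOMING permit tcp any host 1.2.3.251 eq 3389
access-list INCOMING permit tcp any host 1.2.3.251 eq ldap
access-list INCOMING permit tcp any host 1.2.3.251 eq www
access-list INCOMING permit tcp any host 1.2.3.251 eq https
access-list INCOMING permit tcp any host 1.2.3.251 eq 4125
access-list INCOMING permit tcp any host 1.2.3.251 eq smtp
access-list INCOMING permit tcp any host 1.2.3.251 eq pptp
access-list INCOMING permit gre any host 1.2.3.251
access-group INCOMING in interface outside
""".strip().splitlines()

# Flows an LDAP sync may need: LDAP/TCP, the UDP side Jon suggests, the
# Global Catalog port (3268, not named in the thread) and LDAPS (636).
LDAP_FLOWS = [("tcp", 389), ("udp", 389), ("tcp", 3268), ("tcp", 636)]

if __name__ == "__main__":
    aces = parse_acl(ORIGINAL_ACL)
    for flow in missing_flows(aces, "1.2.3.251", LDAP_FLOWS):
        print("not permitted by INCOMING:", flow)
```

Running it against the posted ACL confirms the original poster's conclusion: TCP 389 is already permitted, so a timeout to that port points past the ACL (the NAT `static` and the server itself), while UDP 389, the GC port and LDAPS would each need their own entry before use.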