07-05-2009 04:49 PM - edited 03-11-2019 08:51 AM
This is what I have.
access-list INCOMING permit tcp any host 1.2.3.251 eq 3389
access-list INCOMING permit tcp any host 1.2.3.251 eq ldap
access-list INCOMING permit tcp any host 1.2.3.251 eq www
access-list INCOMING permit tcp any host 1.2.3.251 eq https
access-list INCOMING permit tcp any host 1.2.3.251 eq 4125
access-list INCOMING permit tcp any host 1.2.3.251 eq smtp
access-list INCOMING permit tcp any host 1.2.3.251 eq pptp
access-list INCOMING permit gre any host 1.2.3.251
access-group INCOMING in interface outside
static (inside,outside) 1.2.3.251 192.168.1.5 netmask 255.255.255.255 0 0
RDP and such work fine. I'm trying to set up Postini to sync with LDAP, and am getting a connection error:
Exception while attempting to retrieve results
java.lang.RuntimeException: javax.naming.CommunicationException: 1.2.3.251:389 [Root exception is java.net.ConnectException: Connection timed out: connect]
Any ideas why LDAP (389) traffic is not getting to 192.168.1.5?
07-06-2009 01:12 AM
Scott
LDAP uses UDP as well as TCP. Try adding the following and retest -
access-list INCOMING permit udp any host 1.2.3.251 eq 389
Jon
07-07-2009 04:34 PM
Update:
It looks like the ACL was correct. Our Systems guy, after further research, discovered that GC servers may use a different port than DCs. That, plus another unforeseen issue with ports.
But either way, my ACL was correct.
07-09-2009 07:32 AM
I would suggest you employ LDAPS as well on 636.
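To see which of the flows this thread talks about the posted INCOMING ACL actually permits, here is a small ACL evaluator (added example, not the poster's or Cisco's code). It assumes all sources are "any", maps the ACL's port keywords to their IANA defaults, and applies ASA semantics: first matching ACE wins and the list ends in an implicit deny.

```python
# Added example, not from the thread or from Cisco: a simplified evaluator for
# PIX/ASA-style extended ACEs. Assumes "any" sources, IANA port keywords,
# first-match-wins, and an implicit deny at the end of the list.
import re

PORT_NAMES = {"ldap": 389, "www": 80, "https": 443, "smtp": 25, "pptp": 1723}
ACE_RE = re.compile(r"access-list \S+ (permit|deny) (\S+) any (any|host \S+)(?: eq (\S+))?$")

def parse_acl(text):
    """Parse access-list lines into ordered (action, proto, dst, port) tuples."""
    aces = []
    for line in text.strip().splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsed ACE: {line!r}")
        action, proto, dst, port = m.groups()
        if port is not None:
            port = PORT_NAMES[port] if port in PORT_NAMES else int(port)
        aces.append((action, proto, dst.replace("host ", ""), port))
    return aces

def permitted(aces, proto, dst, port=None):
    """True if the flow hits a permit ACE before the implicit deny."""
    for action, a_proto, a_dst, a_port in aces:
        if a_proto != proto or a_dst not in ("any", dst):
            continue
        if a_port is not None and a_port != port:
            continue
        return action == "permit"
    return False  # no ACE matched: implicit deny

# The INCOMING ACL exactly as posted in the question.
POSTED_ACL = """
access-list INCOMING permit tcp any host 1.2.3.251 eq 3389
access-list INCOMING permit tcp any host 1.2.3.251 eq ldap
access-list INCOMING permit tcp any host 1.2.3.251 eq www
access-list INCOMING permit tcp any host 1.2.3.251 eq https
access-list INCOMING permit tcp any host 1.2.3.251 eq 4125
access-list INCOMING permit tcp any host 1.2.3.251 eq smtp
access-list INCOMING permit tcp any host 1.2.3.251 eq pptp
access-list INCOMING permit gre any host 1.2.3.251
"""

def audit(acl_text=POSTED_ACL):
    """Check the LDAP flows discussed in the thread against the ACL."""
    aces = parse_acl(acl_text)
    return {"tcp/389": permitted(aces, "tcp", "1.2.3.251", 389),
            "udp/389": permitted(aces, "udp", "1.2.3.251", 389),
            "tcp/636": permitted(aces, "tcp", "1.2.3.251", 636)}
```

On the ACL as posted, tcp/389 is permitted (consistent with the update that the ACL was correct), while udp/389 and tcp/636 fall to the implicit deny, so both the suggested UDP line and LDAPS on 636 need their own ACE.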