ASA: what are the TCP ports to be permitted for microsoft AD/Exchange/IIS?

danny2125 · ‎05-21-2010

Dear all,

I need to configure a access rule in ASA 5550 to permit microsoft AD/Exchange/IIS services, anyone has the idea what TCP/UDP ports to be opened?

Like other firewall they have predifined services object for these MS services, so is there any other way to configure the ASA to permit such services, for instance, use predefined objects if it has...

Thanks

DYBC2125

Marcin Latosiewicz · ‎05-21-2010

Most of this information can be found on microsoft's excellent knowledgebase pages (IF not part of well known services -> check /etc/services on most unix systes)

If in doubt, best to see what ASA is blocking, enable logging to buffer on informational level:

-------

logging time

logging buffer-size 1040000

logging buffere info

-------

Following this you can do:

-------

show logg | i Deny

-------

or

------

show logg | i $IP.ADD.RE.SS

-------

To see what is being denied :]

Collin Clark · ‎05-21-2010

http://technet.microsoft.com/en-us/library/bb727063.aspx