Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3137
Views
0
Helpful
2
Replies

Active Directory Behind ASA Firewalls & RPC Traffic

avilt
Level 3
Level 3

‎11-04-2014 11:28 AM - edited ‎03-11-2019 10:01 PM

As per the following MS article, we need to allow TCP/UDP dynamic ports 49152 through 65535 for the Windows 2008 R2 active directory to work if the clients/domain controllers are behind the firewall.

http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx

 

Can we minimize this ports by using the ASA application inspection features?

 

 

1 person had this problem
Labels:
0 Helpful
2 Replies 2

Vibhor Amrodia
Cisco Employee
Cisco Employee

‎11-06-2014 02:06 AM

Hi,

You can use DCERPC inspection on the ASA device.

Check these URL links and i think they should help you with your query:-

https://supportforums.cisco.com/document/67706/dcerpc-inspection-asapixfwsm

http://www.experts-exchange.com/Security/Software_Firewalls/Cisco_PIX_Firewall/Q_28128906.html

Thanks and Regards,

Vibhor Amrodia

0 Helpful

avilt
Level 3
Level 3
In response to Vibhor Amrodia

‎11-07-2014 02:24 AM

I am unable to view expertexchange. With DCE/RPC inspection on ASA, can I do away with dynamic port range?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card