11-04-2014 11:28 AM - edited 03-11-2019 10:01 PM
As per the following MS article, we need to allow TCP/UDP dynamic ports 49152 through 65535 for the Windows 2008 R2 Active Directory to work if the clients/domain controllers are behind the firewall.
http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx
Can we minimize these ports by using the ASA application inspection features?
11-06-2014 02:06 AM
Hi,
You can use DCERPC inspection on the ASA device.
Check these URL links and I think they should help you with your query:
https://supportforums.cisco.com/document/67706/dcerpc-inspection-asapixfwsm
http://www.experts-exchange.com/Security/Software_Firewalls/Cisco_PIX_Firewall/Q_28128906.html
Thanks and Regards,
Vibhor Amrodia
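
A sketch of the DCERPC inspection setup mentioned in the reply above, added here as an example and not taken from the thread or the linked documents. The ACL, class-map, policy-map and interface names and the addresses (documentation ranges) are assumptions; the ACL permits only the endpoint mapper port, TCP 135, and the inspection engine opens a pinhole for the port the endpoint mapper hands out.

```cisco
! Added example; all names and addresses below are assumed placeholders.
! Permit only the RPC endpoint mapper (TCP 135) from clients to the DC,
! instead of permitting the whole 49152-65535 dynamic range.
object network DC01
 host 192.0.2.10
object network CLIENT_NET
 subnet 198.51.100.0 255.255.255.0
access-list CLIENTS_IN extended permit tcp object CLIENT_NET object DC01 eq 135
access-group CLIENTS_IN in interface clients
!
! DCERPC inspection map: pinholes expire after 10 minutes,
! and only endpoint mapper service traffic is accepted on the control channel.
policy-map type inspect dcerpc DCERPC_MAP
 parameters
  timeout pinhole 0:10:00
  endpoint-mapper epm-service-only
!
! Classify the endpoint mapper traffic and attach the inspection to it.
class-map DCERPC_EPM
 match port tcp eq 135
policy-map global_policy
 class DCERPC_EPM
  inspect dcerpc DCERPC_MAP
service-policy global_policy global
!
! Fixed-port AD services (DNS, Kerberos, LDAP, SMB) still need their own
! ACL entries; they are not shown here.
```

`show service-policy inspect dcerpc` shows the inspection counters, which helps confirm that endpoint mapper traffic is matching the class.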
11-07-2014 02:24 AM
I am unable to view Experts Exchange. With DCE/RPC inspection on ASA, can I do away with the dynamic port range?