New Member

Allowing LDAP traffic from Business partner (BP), How to?

Hello

 

I have a BP that uses an application that needs to perform an LDAP query on my domain controller.

The BP is requesting the IP of our domain controller so they can NAT on their side.

What do I need to implement to accomplish this task?

sMc
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

The best way to do this is

The best way to do this is via LDAPS (LDAP over TLS/SSL on TCP port 636) as LDAP (TCP port 389) itself is not inherently secured.

Assuming you do not have a site-to-site VPN tunnel, you set up a static NAT in your edge firewall (or wherever you perform NAT from your private internal network to the public internet). You then create an access-list allowing incoming TCP/636 LDAPS requests from their source IP address.

If you use this approach they do not have to NAT specifically for this use case - they would address your server's public address which has been configured on your edge.

