I have my new domain controller on the Private network where I house my database servers. I am trying to get my web servers in the DMZ to authenticate through my ASA 5520 to the new domain controller on the Private side... I have tried a few things but haven't had any luck. Does anyone know an easy way of explaining this configuration on the firewall, or have a document that could help me out?
Chris, if I understand correctly, the DC is on the inside and the web server is in the DMZ. What does your access list look like? Can you post it? You may need to open up some TCP and UDP ports: create a service object group with these ports, TCP/UDP 445, 88, 389, 53. You may also need the NetBIOS ports for file/directory access.
Refer to this link for the ports required,
You may also look into the specific ports in the Microsoft website knowledge base.
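The following is an added example of the configuration the reply above describes, not Chris's posted ACLs or anything from the thread: a service object group holding the Active Directory ports, applied in an ACL that lets only the DMZ web servers reach the inside DC. Every name and address in it is an assumption (interfaces `dmz` and `inside`, ACL `DMZ_IN`, web servers 172.16.1.10 and 172.16.1.11, domain controller 10.0.10.5); it uses the `host`/`object-group` ACL syntax so it applies to both pre-8.3 and 8.3+ ASA code.

```cisco
! Added example, not from the original thread. Assumed names and addresses:
! interface dmz (lower security level), interface inside (security 100),
! web servers 172.16.1.10-11 in the DMZ, domain controller 10.0.10.5 inside.

! Ports a domain client needs for Kerberos logon, LDAP queries and DNS SRV lookups.
object-group service AD_AUTH_TCP tcp
 description Kerberos, LDAP, LDAPS, Global Catalog, SMB, DNS
 port-object eq 88
 port-object eq 389
 port-object eq 636
 port-object eq 3268
 port-object eq 445
 port-object eq domain
object-group service AD_AUTH_UDP udp
 description Kerberos, CLDAP ping, DNS, NTP (Kerberos rejects clocks skewed over 5 min)
 port-object eq 88
 port-object eq 389
 port-object eq domain
 port-object eq ntp

! Only the web servers, not the whole DMZ subnet, get a path to the DC.
object-group network DMZ_WEB
 network-object host 172.16.1.10
 network-object host 172.16.1.11

! DMZ-to-inside is the sensitive direction: these hosts, this DC, these ports, nothing else.
access-list DMZ_IN extended permit tcp object-group DMZ_WEB host 10.0.10.5 object-group AD_AUTH_TCP
access-list DMZ_IN extended permit udp object-group DMZ_WEB host 10.0.10.5 object-group AD_AUTH_UDP
! RPC endpoint mapper plus the dynamic RPC range (Windows Server 2008 and later) is
! needed only for domain join and some Netlogon/LSA RPC operations; omit it if the
! web servers just authenticate users over Kerberos/LDAP.
access-list DMZ_IN extended permit tcp object-group DMZ_WEB host 10.0.10.5 eq 135
access-list DMZ_IN extended permit tcp object-group DMZ_WEB host 10.0.10.5 range 49152 65535
! Explicit logged deny at the end so stray DMZ-to-inside traffic shows up in syslog.
access-list DMZ_IN extended deny ip any any log
access-group DMZ_IN in interface dmz

! Check the ACL without waiting for live traffic: packet-tracer walks a simulated
! Kerberos and DNS packet through the ACL, NAT and route lookups and reports the
! phase that would drop it. show access-list then shows per-line hit counts.
packet-tracer input dmz tcp 172.16.1.10 40000 10.0.10.5 88
packet-tracer input dmz udp 172.16.1.10 40000 10.0.10.5 53
show access-list DMZ_IN
```

Two caveats when applying this to an existing box: once an access-group is bound to the dmz interface, the ASA's implicit permit from a higher- to a lower-security interface no longer applies, so any DMZ-to-outside traffic the web servers need must already be permitted earlier in the same ACL; and the `deny ip any any log` line must stay last, because the ASA evaluates ACL entries in order. The NetBIOS ports (137-139) mentioned in the reply are only needed for legacy name resolution and file browsing, so leave them closed unless something actually breaks, since every extra port is one more path from a compromised web server to the domain controller.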
Thanks for the response. I have attached a copy of my current ACLs loaded on the device. Your post has already given me a great deal to work with, but hopefully you can take a look and determine a bit more of what I need for this setup.
Following the same format, I will add more ACL entries for the other protocols used by Active Directory to allow my host(s) to access the domain controller on the Inside.
Does that config look as though it will work? I am having some major issues with this configuration because we do not have a test environment and I can't afford any downtime on my firewall. My deadline for testing is coming up soon; any review/comments would be appreciated.
As I mentioned, I have to add this configuration and test it in my LIVE environment on Monday. If anyone could review my initial ACL configuration from the document I posted and assess my new additions to tell me if this will work as planned, I would appreciate it.