Cisco Support Community
How do I allow access to an inside server from a public server and maintain security?

Hi,

I have a Cisco 5510 ASA.

I have an inside AD server that has a data directory that I need to update from an outside server.

We want to maintain the tightest security we can by opening up only the minimum.

Thanks

--Joe

  • Network Management

Re: How do I allow access to an inside server from a public serv

It's not a network management question, but here's how I would do it:

Configure the servers to use LDAP-S (tcp port 636) as your protocol. That encrypts the LDAP traffic in SSL. Put a static NAT on your firewall so the inside server has a unique public IP address. Add a rule to the ASA allowing only the external server's IP to talk to the NAT IP using LDAP-S.

x.x.x.x = local server real IP

y.y.y.y = local server NAT address

z.z.z.z = remote server ip


static (inside,outside) y.y.y.y x.x.x.x netmask 255.255.255.255

access-list ACL-OUT extended permit tcp host z.z.z.z host y.y.y.y eq 636

This assumes there is no site-site or remote server to site IPSec or SSL VPN.
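The full set of ASA commands behind the reply above, as an added example that is not part of the reply: the two lines it gives, plus the access-group that actually binds the ACL to the outside interface, and the equivalent object-NAT form for ASA 8.3 and later. The placeholders x.x.x.x, y.y.y.y and z.z.z.z are the reply's; the object names and the packet-tracer source port are assumptions.

```cisco
! Placeholders as in the reply:
!   x.x.x.x = inside AD server real IP
!   y.y.y.y = its public (NAT) IP
!   z.z.z.z = remote server IP
! Object names SRV-AD-INSIDE / SRV-REMOTE are hypothetical.
!
! --- ASA 8.2 and earlier (the syntax used in the reply) ---
static (inside,outside) y.y.y.y x.x.x.x netmask 255.255.255.255
access-list ACL-OUT extended permit tcp host z.z.z.z host y.y.y.y eq 636
! Without this line the ACL is defined but never applied, and the
! default deny for outside-to-inside traffic stays in effect.
access-group ACL-OUT in interface outside
!
! --- ASA 8.3 and later (object NAT) ---
object network SRV-AD-INSIDE
 host x.x.x.x
 nat (inside,outside) static y.y.y.y
object network SRV-REMOTE
 host z.z.z.z
! On 8.3+ the interface ACL matches the real (untranslated) inside
! address, so the destination is the inside object, not y.y.y.y.
access-list ACL-OUT extended permit tcp object SRV-REMOTE object SRV-AD-INSIDE eq 636
access-group ACL-OUT in interface outside
!
! Verify the result before trusting it: only z.z.z.z to port 636 should
! be allowed, anything else from the outside should be dropped.
!   packet-tracer input outside tcp z.z.z.z 12345 y.y.y.y 636
!   packet-tracer input outside tcp z.z.z.z 12345 y.y.y.y 389
```

The second packet-tracer run (port 389, plain LDAP) should end in a DROP; if it is allowed, another ACL entry is wider than intended.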
