AD Servers communicate through a Cisco PIX?

I'm doing some testing in a lab where I'm using a PIX (Cisco firewall). I have a few client machines on the back end (internal side of the firewall, lab network) of the PIX that I need to authenticate with an AD server on the outside (main network, the public side of the firewall) of the PIX.

I have a few questions:

Can I put a secondary AD server on the internal side of the PIX and have it communicate with the one on the outside? What ports and communication protocols will I need to open up for them to communicate?

Can I authenticate with an AD server on the outside from a client on the inside? What ports and communication protocols will I need to open up for them to communicate?

If I set up a DNS server on the internal side, can I just have it forward to the one on the outside? If not, are there any gotchas in allowing them to do zone transfers that I should be concerned with, since AD does not really update info to other AD-enabled DNS via the normal DNS protocol?

I'm sure there is more... (-;

Thanks for any suggestions and help!

Scott


Re: AD Servers communicate through a Cisco PIX?

This is a relatively involved process.

To enable replication over dynamic RPC, configure your firewall to permit the following:

Service                              Port/protocol
-----------------------------------  ----------------------
RPC endpoint mapper                  135/tcp, 135/udp
NetBIOS name service                 137/tcp, 137/udp
NetBIOS datagram service             138/udp
NetBIOS session service              139/tcp
RPC dynamic assignment               1024-65535/tcp
SMB over IP (Microsoft-DS)           445/tcp, 445/udp
LDAP                                 389/tcp
LDAP over SSL                        636/tcp
Global catalog LDAP                  3268/tcp
Global catalog LDAP over SSL         3269/tcp
Kerberos                             88/tcp, 88/udp
DNS                                  53/tcp
WINS resolution (if required)        1512/tcp, 1512/udp
WINS replication (if required)       42/tcp, 42/udp
Network time protocol (NTP)          123/udp

Examine the following document:

http://www.microsoft.com/serviceproviders/columns/config_ipsec_P63623.asp
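As an added example (not part of the original post or either reply), here is a PIX 6.x configuration that turns the port list in the reply above into access lists for the scenario Scott describes: lab clients plus a secondary domain controller on the inside, the main domain controller on the outside. The addresses (inside lab network 192.168.10.0/24, inside DC 192.168.10.5, outside DC 10.1.1.10) and the object-group and access-list names are assumptions chosen for this example. Comment lines use the colon convention that PIX uses in its own saved configuration.

```cisco
: Added example, not from the original thread. Addresses and names are assumed:
:   inside lab network 192.168.10.0/24, inside (secondary) DC 192.168.10.5
:   outside (main network) DC 10.1.1.10
:
: No address translation between the two DCs. The RPC endpoint mapper (135)
: tells the caller which address and port to connect to next, so translating
: the inside DC's address would hand the outside DC an address it cannot reach.
access-list NO_NAT permit ip 192.168.10.0 255.255.255.0 host 10.1.1.10
nat (inside) 0 access-list NO_NAT

object-group network AD_DC_OUTSIDE
  network-object host 10.1.1.10

: TCP services from the port table in the reply above
object-group service AD_TCP tcp
  port-object eq 135
  port-object eq 137
  port-object eq 139
  port-object eq 445
  port-object eq 389
  port-object eq 636
  port-object eq 3268
  port-object eq 3269
  port-object eq 88
  port-object eq 53
  port-object eq 42
  port-object eq 1512

: UDP services from the same table (42 and 1512 only if WINS is in use)
object-group service AD_UDP udp
  port-object eq 135
  port-object eq 137
  port-object eq 138
  port-object eq 445
  port-object eq 88
  port-object eq 53
  port-object eq 123
  port-object eq 42
  port-object eq 1512

: Inside -> outside. Traffic from the inside interface is permitted by
: default; applying an ACL here replaces that with an explicit whitelist.
access-list INSIDE_OUT remark Clients and the inside DC reach the outside DC
access-list INSIDE_OUT permit tcp 192.168.10.0 255.255.255.0 object-group AD_DC_OUTSIDE object-group AD_TCP
access-list INSIDE_OUT permit udp 192.168.10.0 255.255.255.0 object-group AD_DC_OUTSIDE object-group AD_UDP
access-list INSIDE_OUT remark Dynamic RPC is for replication only: inside DC, not every client
access-list INSIDE_OUT permit tcp host 192.168.10.5 object-group AD_DC_OUTSIDE range 1024 65535
access-group INSIDE_OUT in interface inside

: Outside -> inside. AD replication is pull-based, so the outside DC also
: opens connections to the inside DC. Only the inside DC is exposed, and only
: to that single partner.
access-list OUTSIDE_IN remark Outside DC replicating with the inside DC
access-list OUTSIDE_IN permit tcp object-group AD_DC_OUTSIDE host 192.168.10.5 object-group AD_TCP
access-list OUTSIDE_IN permit udp object-group AD_DC_OUTSIDE host 192.168.10.5 object-group AD_UDP
access-list OUTSIDE_IN permit tcp object-group AD_DC_OUTSIDE host 192.168.10.5 range 1024 65535
access-group OUTSIDE_IN in interface outside
```

Two points a practitioner would check. First, the 1024-65535 range is the worst case for dynamic RPC; Microsoft lets you pin the port that Active Directory replication uses with the REG_DWORD value `TCP/IP Port` under `HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters` on each DC (and `DCTcpipPort` under `...\Services\Netlogon\Parameters` for Netlogon), after which the two `range 1024 65535` entries shrink to `eq <port>`. Second, after forcing replication, `show access-list INSIDE_OUT` and `show access-list OUTSIDE_IN` display a hit count per entry; an entry that never moves off zero is a candidate for removal, and a replication failure with no hits on the 135 or RPC entries usually means the traffic is not reaching the PIX at all.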

Re: AD Servers communicate through a Cisco PIX?

Check the following document from Microsoft, addressing AD replication over a firewall:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/ittasks/tasks/adrepfir.asp

Good Luck!!

Omnia
