Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
210
Views
0
Helpful
1
Replies

pix and active directory

mrmozaffari
Level 1
Level 1

‎10-10-2006 12:46 AM - edited ‎02-21-2020 01:13 AM

Hi

Please someone tell me ,where is the best place for active directory server when we have a pix with 6 ports and active directory users on inside interface ?

do i need to seperate active directory server from inside users ?

if i want to do that is there any fixup to permit RPS works ?

This is because of security for domain server and i want to restrict it from inside users that they have not full access to server.

Thanks.

0 Helpful
1 Reply 1

a.kiprawih
Level 7
Level 7

‎10-10-2006 04:45 PM

Users normally need to sit in the same domain with AD. You can place the AD and end-users together in your internal network, but put them under separate/different Vlans.

With firewall, it will break the domain, but I think you can still try and test it by allowing TCP 445 (open in ACL) from AD to end-users (and vice-versa).

There might be other ports needed as well, like netbios-ns (tcp/udp 137), netbios-dgm (tcp/udp 138) and netbios-ssn (tcp/udp 139)

Cheers!

AK

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card