Cisco Support Community

pix and active directory

Hi

Could someone please tell me where the best place for an Active Directory server is when we have a PIX with 6 ports and Active Directory users on the inside interface?

Do I need to separate the Active Directory server from the inside users?

If I want to do that, is there any fixup to permit RPS to work?

This is for the security of the domain server; I want to restrict it from the inside users so that they do not have full access to the server.

Thanks.

1 REPLY

Re: pix and active directory

Users normally need to sit in the same domain with AD. You can place the AD and end-users together in your internal network, but put them under separate/different VLANs.

With a firewall, it will break the domain, but I think you can still try and test it by allowing TCP 445 (open in ACL) from AD to end-users (and vice-versa).

There might be other ports needed as well, like netbios-ns (tcp/udp 137), netbios-dgm (tcp/udp 138) and netbios-ssn (tcp/udp 139).

Cheers!

AK
