Ports needed to be open for Windows 2000 Domain Controller
We are installing a Windows 2000 domain controller on one of our DMZ's. I need to know what port/ports on the PIX will need to be open to the DNS server so that the domain controller can dynamically register its SRV records.
Re: Ports needed to be open for Windows 2000 Domain Controller
One of the problems with locating a Win2K server in the DMZ, is that it needs to talk back to all DCs on the network, using all the wonderful ports that Microsoft uses. Depending on the size of your network, that could be a rules to create.
Another option that you have is to tunnel that traffic over IPSEC. We do this with many of the Outlook Web Access Servers that we install, in clients' DMZs. No only does this limit the number of ports that you need to open up, it also protects that data from being seen on the network.
There are a couple Microsoft articles you may want to check out.
Feel free to drop me an email if you have an quesitons.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...