Solved

How can I publish an internal LDAP server through ISA 2006?

Posted on 2007-03-28
1,439 Views
Last Modified: 2008-11-18
I have ISA 2006 protecting an internal network. I want to allow access to LDAP, but it does not seem to be an option in the publishing wizard. Will an access rule do? My preference, though, is to publish it properly.
What is my best option?
Question by:andyc0n2005
6 Comments
 
LVL 5

Assisted Solution

by:drtoto82
drtoto82 earned 90 total points
ID: 18812860
Hmm, I'll suppose that you want to publish an Active Directory domain controller for users to authenticate through. So, I'd make an access rule to enable these ports. Make sure of the source and destinations.
Tell me more if you still need any help...
. DNS: 53 TCP/UDP
. Kerberos: 88 TCP/UDP
. LDAP: 389 TCP/UDP
. LDAP-SSL: 636 TCP/UDP (for PKI and certificates)
. Global Catalog: 3268 TCP
. SMB: 445 TCP/UDP
. RPC: 135 TCP/UDP
. NetBIOS Name Service: 137 TCP/UDP (for downlevel clients)
. NetBIOS Datagram: 138 TCP/UDP (for downlevel clients)
. NTP: 123 TCP/UDP (Network Time Protocol, for Kerberos time synchronization)
 

Author Comment

by:andyc0n2005
ID: 18817489
Thanks for the offer.

I have created a new protocol definition called LDAP Server for TCP 389 inbound. I then use this definition in a non-web server publishing rule, applying it to traffic hitting a specific address on my external interface and directing it to a specific internal server?

Do you think that will work when I come to test it?
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 35 total points
ID: 18818078
The way you have published it is correct. LDAP access will be forwarded OK, but the bigger question will be "Is this the only protocol required?" Without knowing the purpose of the access, it is hard to tell.

Open the ISA GUI, select Monitoring - Logging, and click Start Query.
What do you see in the log when an access attempt is made to the LDAP server?
 
LVL 5

Assisted Solution

by:drtoto82
drtoto82 earned 90 total points
ID: 18820760
It should work...

You can also check whether you have any rule above your LDAP rule that is DENYING the traffic. That could be one forgotten or made before by mistake.
 
LVL 5

Assisted Solution

by:drtoto82
drtoto82 earned 90 total points
ID: 18820766
Test it. Let me know if you still need more help.
The port numbers I provided before are more than enough. Make sure you don't need to allow more ports than the 389 port.
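Keith's suggestion to read the firewall log, and drtoto82's warning about a deny rule sitting above the LDAP rule, can be checked together over an exported log. The script below is an added example, not from this thread or from ISA's own tooling: it assumes the tab-separated W3C layout ISA writes (column names read from the `#Fields:` header, so it does not depend on column order), and the four log lines, addresses and rule names embedded in it are constructed for illustration.

```python
# Constructed sample in ISA's tab-separated W3C firewall-log layout.
# Field names and values are made up for this example, not taken from a real export.
SAMPLE_LOG = "\n".join([
    "#Software: Microsoft(R) Internet Security and Acceleration Server 2006",
    "#Version: 2.0",
    "#Fields:\tdate\ttime\tIP protocol\tsource\tdestination\taction\trule\tapplication protocol",
    "2007-03-28\t10:01:02\tTCP\t203.0.113.7:51000\t192.0.2.10:389\tDenied Connection\tBlock everything\tLDAP Server",
    "2007-03-28\t10:01:05\tTCP\t203.0.113.7:51001\t192.0.2.10:443\tEstablished Connection\tPublish OWA\tHTTPS",
    "2007-03-28\t10:01:09\tUDP\t203.0.113.7:51002\t192.0.2.10:389\tDenied Connection\tDefault rule\tLDAP (UDP)",
    "2007-03-28\t10:02:00\tTCP\t203.0.113.9:51003\t192.0.2.10:389\tInitiated Connection\tLDAP Server\tLDAP Server",
])


def parse_isa_log(text):
    """Yield one dict per data line, keyed by the names in the #Fields: header."""
    fields = None
    for raw in text.splitlines():
        if raw.startswith("#Fields:"):
            fields = raw[len("#Fields:"):].strip().split("\t")
            continue
        if not raw or raw.startswith("#"):
            continue  # other directives and blank lines
        values = raw.split("\t")
        if fields is None or len(values) != len(fields):
            continue  # no header yet, or a truncated line: skip rather than misalign
        yield dict(zip(fields, values))


def dest_port(entry):
    """Extract the destination port from an 'address:port' field (also handles [v6]:port)."""
    _host, sep, port = entry.get("destination", "").rpartition(":")
    return int(port) if sep and port.isdigit() else None


def ldap_denials(text, ports=(389, 636, 3268)):
    """Return sorted (rule, IP protocol, count) triples for denied attempts to LDAP ports.

    The rule name tells you which rule won the match; if it is not your LDAP
    publishing rule, a rule ordered above it is blocking the traffic.
    """
    counts = {}
    for entry in parse_isa_log(text):
        if dest_port(entry) in ports and entry.get("action", "").startswith("Denied"):
            key = (entry["rule"], entry["IP protocol"])
            counts[key] = counts.get(key, 0) + 1
    return sorted((rule, proto, n) for (rule, proto), n in counts.items())


if __name__ == "__main__":
    for rule, proto, n in ldap_denials(SAMPLE_LOG):
        print(f"{n} denied {proto} attempt(s) to an LDAP port matched rule '{rule}'")
```

On the constructed sample the TCP denial is attributed to "Block everything" and the UDP one to "Default rule", while the later TCP attempt that matched "LDAP Server" is not reported because it was allowed.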
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 18852049
Thank you
