How can I Publish internal LDAP server through ISA 2006

I have ISA 2006 protecting an internal network. I want to allow access to LDAP but it does not seem to be an option in the publishing wizard. Will an access rule do? My preference is though to publish it properly.
What is my besy option ?
andyc0n2005Asked:
Who is Participating?
 
Keith AlabasterConnect With a Mentor Enterprise ArchitectCommented:
The way you have published it is correct. ldap access will be forwarded ok but the bigger question will be 'Is this the only protocol required?' Without knowing the purpose of the access itis hard to tell.

open the ISA gui, select monitoring - logging - click on start query.
What do you see in the log when an access attempt is made to the ldap enquiry?
0
 
drtoto82Connect With a Mentor Commented:
mm I 'll suppose that I want to publish an active directory/  domain controller for users to authenticate through . So, I 'll make an access rule to enable these ports. Make sure of the source and destinations.
Tell me more if u still need any help ...
. DNS : 53 TCP/UDP
. Kerberos : 88 TCP/UDP
. LDAP : 389 TCP/UDP
. LDAP-SSL : 636 TCP/UDP (for PKI and Certificates)
. Global Catalog : 3268 TCP
. SMB : 445 TCP/UDP
. RPC : 135 TCP/UDP
. NetBios Server : 137 TCP/UDP (for downlevel clients)
. NetBios DataGram : 138 TCP/UDP (for downlevel clients)
. NTP : 123 TCP/UDP (Network time Protocol , for kerberos time synchronization)
0
 
andyc0n2005Author Commented:
Thanks for the offer.

I have created a new protocol definition called LDAP Server and for TCP 389 inbound. I then use this definition in a non web server publishing rule applying it to traffic hitting a specific address on my external interface and directing to specific inbound server?

Do you think that will work when I come to test it?
0
The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

 
drtoto82Connect With a Mentor Commented:
It should work . ...

U can also make sure if u have any rule above your LDAP rule that is "DENYING" the trafiic . That could be one forgotten or made before by mistake .
0
 
drtoto82Connect With a Mentor Commented:
Test it . Let me know if u still need more help .
The port numbers I provided before are more than enough . Make sure u don't need to allow more ports that than the 389 port .
0
 
Keith AlabasterEnterprise ArchitectCommented:
Thank you
0
All Courses

From novice to tech pro — start learning today.