Cisco router config to allow ldap

acs365service
Hi,
We need to allow LDAP traffic through to the server. We have set up NAT, which appears correct. There does not seem to be any access list in place, so LDAP traffic should be forwarded on? It's not; it seems to be being blocked. HTTPS and SMTP work fine. I can see zone security, but I do not understand if this is blocking it.

Attached is my config and IP interfaces. Can anyone see why LDAP traffic is not allowed through?

Thanks

Attachments: config.txt, ip-interface.txt
Top Expert 2010
Commented:
Assuming this LDAP access is needed on NatOutsideToInside-1, do the following:

Create ACL for LDAP:
access-list 107 remark SDM_ACL Category=0
access-list 107 permit ip any host *********

where ***** is the host IP of the LDAP server

Create a class map for ldap
class-map type inspect match-all sdm-nat-ldap-1
 match access-group 107
 match protocol ldap

Add to your policy map
policy-map type inspect sdm-pol-NATOutsideToInside-1
 class type inspect sdm-nat-smtp-1
  inspect
 class type inspect sdm-nat-https-1
  inspect
 class type inspect sdm-nat-ldap-1
  inspect
 class type inspect sdm-nat-pptp-1
  inspect
 class type inspect sdm-nat-user-protocol--1-1
  inspect
 class class-default


Again, this is assuming it belongs in sdm-pol-NATOutsideToInside-1.

Good Luck
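The steps above (ACL, class-map, policy-map) only take effect once the policy is bound to a zone-pair, and the reason LDAP was dropped while HTTPS and SMTP passed is that a type inspect policy-map drops whatever falls into class-default. The following is an added, complete IOS zone-based firewall fragment illustrating the whole chain end to end; it is not from the original post or the attached config. The zone names (out-zone, in-zone), the zone-pair name, and the server address 192.0.2.10 (documentation range) are constructed assumptions; the class-map and policy-map names follow the answer above.

```cisco
! Added example, not the poster's config. Assumed: zones "out-zone"/"in-zone",
! zone-pair name, and a constructed server address 192.0.2.10.
!
! 1. ACL that limits the class to the LDAP server only. Use the server's real
!    (inside) address: on the outside->inside zone-pair the inspect policy is
!    evaluated after NAT has translated the destination.
access-list 107 remark SDM_ACL Category=0
access-list 107 permit ip any host 192.0.2.10
!
! 2. Class-map. "match-all" requires BOTH the ACL and the LDAP protocol
!    (TCP/389), so other services on the same host are not opened by this class.
class-map type inspect match-all sdm-nat-ldap-1
 match access-group 107
 match protocol ldap
!
! 3. Policy-map. Each named class is inspected statefully; traffic matching no
!    named class reaches class-default and is dropped. An explicit "drop" makes
!    that default visible in the running config.
policy-map type inspect sdm-pol-NATOutsideToInside-1
 class type inspect sdm-nat-https-1
  inspect
 class type inspect sdm-nat-smtp-1
  inspect
 class type inspect sdm-nat-ldap-1
  inspect
 class class-default
  drop
!
! 4. Zone-pair binding in the outside->inside direction (assumed zone names).
!    Without this line the policy-map is never applied to any traffic.
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
 service-policy type inspect sdm-pol-NATOutsideToInside-1
!
! 5. Verification (exec mode), shown here as comments:
!    show zone-pair security
!    show policy-map type inspect zone-pair sdm-zp-NATOutsideToInside-1 sessions
!    show ip nat translations | include 389
```

After applying it, a test connection from outside should appear both as a NAT translation on port 389 and as an inspect session under the zone-pair; if the translation exists but no session does, the zone-pair or class-map is the problem rather than NAT. Note that `match protocol ldap` covers plain LDAP on TCP/389 only; LDAP over TLS on TCP/636 would need its own class.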

Author

Commented:
This worked for us
