Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Site replication - wich ports shall be opened in the firewall

Posted on 2010-11-30
4
Medium Priority
?
761 Views
Last Modified: 2012-05-10
Hi guys,

i´ve got a windows 2003 domain and a disaster recovery site, my issue is to know which ports shall i open so the domain controller can communicate to the DR site. All service shall work (DNS, DHCP, AD, Fileserver, Exchange, SQL, etc...)

I know that there is a bunch of ports, but cannot find the official Microsoft release about this subject.

Any help is welcome.

Thanks.
Paulo


0
Comment
Question by:pmaribeiro
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 4

Expert Comment

by:jcurrie
ID: 34240282
You just need the DC in the primary site to communicate with the DC in the DR site. Correct?
0
 
LVL 3

Author Comment

by:pmaribeiro
ID: 34240339
Yes but thats true but in the middle i´ve got distinguished VLANs so i´ll need to allow the ports so the DC can communicate.

Beeing a DR the site is far away from our HQ, its connected by a WAN Link if that matters for the equation.

thanks,
0
 
LVL 4

Accepted Solution

by:
jcurrie earned 2000 total points
ID: 34242022
The problem is that many of the ports you need are dynamic. You need to open massive port ranges and it really becomes far less secure then you would like it to be.

Here is how I have addressed this situation many times.

1) Create an IPSec policy on both servers to request secure communications between the two servers

http://support.microsoft.com/kb/816514


2) Open the ports necessary in the firewall for the IPSec Tunnel between the two servers
      a)AH
      b)UDP 500
      c)ESP

3) You may also need some other ports like DNS or IKE depending on which particular settings you use for your IPSEC configuration


   
0
 
LVL 3

Author Closing Comment

by:pmaribeiro
ID: 34256495
Thanks,

This is the solution i´ve needed.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Please see preceding article here: http://www.experts-exchange.com/Networking/Operating_Systems/A_11209-Root-Bridge-Election.html Figure 1 After Root Bridge has been elected, then what?..... Let's start by defining a Root Port in la…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question