Site replication - wich ports shall be opened in the firewall

Hi guys,

i´ve got a windows 2003 domain and a disaster recovery site, my issue is to know which ports shall i open so the domain controller can communicate to the DR site. All service shall work (DNS, DHCP, AD, Fileserver, Exchange, SQL, etc...)

I know that there is a bunch of ports, but cannot find the official Microsoft release about this subject.

Any help is welcome.

Thanks.
Paulo


LVL 3
pmaribeiroAsked:
Who is Participating?
 
jcurrieCommented:
The problem is that many of the ports you need are dynamic. You need to open massive port ranges and it really becomes far less secure then you would like it to be.

Here is how I have addressed this situation many times.

1) Create an IPSec policy on both servers to request secure communications between the two servers

http://support.microsoft.com/kb/816514


2) Open the ports necessary in the firewall for the IPSec Tunnel between the two servers
      a)AH
      b)UDP 500
      c)ESP

3) You may also need some other ports like DNS or IKE depending on which particular settings you use for your IPSEC configuration


   
0
 
jcurrieCommented:
You just need the DC in the primary site to communicate with the DC in the DR site. Correct?
0
 
pmaribeiroAuthor Commented:
Yes but thats true but in the middle i´ve got distinguished VLANs so i´ll need to allow the ports so the DC can communicate.

Beeing a DR the site is far away from our HQ, its connected by a WAN Link if that matters for the equation.

thanks,
0
 
pmaribeiroAuthor Commented:
Thanks,

This is the solution i´ve needed.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.