Solved

Site replication - which ports shall be opened in the firewall

Posted on 2010-11-30
Last Modified: 2012-05-10
Hi guys,

I've got a Windows 2003 domain and a disaster recovery site; my issue is to know which ports I shall open so the domain controller can communicate with the DR site. All services shall work (DNS, DHCP, AD, Fileserver, Exchange, SQL, etc...)

I know that there is a bunch of ports, but cannot find the official Microsoft release about this subject.

Any help is welcome.

Thanks.
Paulo


Question by:pmaribeiro
4 Comments
 
LVL 4

Expert Comment

by:jcurrie
ID: 34240282
You just need the DC in the primary site to communicate with the DC in the DR site. Correct?
0
 
LVL 3

Author Comment

by:pmaribeiro
ID: 34240339
Yes, that's true, but in the middle I've got distinguished VLANs, so I'll need to allow the ports so the DC can communicate.

Being a DR, the site is far away from our HQ; it's connected by a WAN link, if that matters for the equation.

Thanks,
0
 
LVL 4

Accepted Solution

by:
jcurrie earned 500 total points
ID: 34242022
The problem is that many of the ports you need are dynamic. You need to open massive port ranges and it really becomes far less secure than you would like it to be.

Here is how I have addressed this situation many times.

1) Create an IPSec policy on both servers to request secure communications between the two servers

http://support.microsoft.com/kb/816514


2) Open the ports necessary in the firewall for the IPSec tunnel between the two servers
      a) AH
      b) UDP 500
      c) ESP

3) You may also need some other ports like DNS or IKE depending on which particular settings you use for your IPSec configuration


   
0
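As an added example (not part of the thread), a small Python check for step 2 of the answer above: it reads a firewall rule list and reports which permits between the two DCs fall outside AH, ESP and UDP 500, and which of those three are missing. The rule syntax, the addresses and the function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample rules for the path between the two DCs (documentation
# addresses; the "action proto src dst [ports]" syntax is hypothetical).
SAMPLE_RULES = """\
permit udp 192.0.2.10 198.51.100.10 500
permit esp 192.0.2.10 198.51.100.10
permit ah 192.0.2.10 198.51.100.10
permit tcp 192.0.2.10 198.51.100.10 1024-65535
permit udp 192.0.2.10 198.51.100.10 53
permit tcp 192.0.2.0/24 203.0.113.5 443
"""

# Step 2 of the answer: AH (IP protocol 51), ESP (IP protocol 50), UDP 500.
IPSEC_REQUIRED = {("ah", None), ("esp", None), ("udp", (500, 500))}


def parse_rule(line):
    """Split one rule into (action, proto, src_net, dst_net, port_span)."""
    action, proto, src, dst, *ports = line.split()
    span = None
    if ports:
        lo, _, hi = ports[0].partition("-")
        span = (int(lo), int(hi or lo))
    return (action, proto.lower(), ipaddress.ip_network(src),
            ipaddress.ip_network(dst), span)


def audit(rules_text, dc_a, dc_b, extra_allowed=frozenset()):
    """Return (missing, unexpected) for permit rules covering the DC pair."""
    a, b = ipaddress.ip_address(dc_a), ipaddress.ip_address(dc_b)
    seen, unexpected = set(), []
    for line in rules_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        action, proto, src, dst, span = parse_rule(line)
        # A rule is relevant if it covers the pair in either direction.
        covers = (a in src and b in dst) or (b in src and a in dst)
        if action != "permit" or not covers:
            continue
        key = (proto, span)
        if key in IPSEC_REQUIRED:
            seen.add(key)
        elif key not in extra_allowed:
            # Width = number of ports the rule exposes (None for non-port protocols).
            width = (span[1] - span[0] + 1) if span else None
            unexpected.append((line.strip(), width))
    return sorted(IPSEC_REQUIRED - seen, key=str), unexpected
```

Pass `extra_allowed={("udp", (53, 53))}` to accept a deliberate extra such as the DNS port mentioned in step 3.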
 
LVL 3

Author Closing Comment

by:pmaribeiro
ID: 34256495
Thanks,

This is the solution I've needed.
0
