Solved

Site replication - which ports shall be opened in the firewall

Posted on 2010-11-30
Last Modified: 2012-05-10
Hi guys,

I've got a Windows 2003 domain and a disaster recovery site. My issue is to know which ports I shall open so the domain controller can communicate with the DR site. All services shall work (DNS, DHCP, AD, Fileserver, Exchange, SQL, etc.).

I know that there is a bunch of ports, but cannot find the official Microsoft release about this subject.

Any help is welcome.

Thanks.
Paulo


Question by:pmaribeiro

Expert Comment

by:jcurrie
ID: 34240282
You just need the DC in the primary site to communicate with the DC in the DR site. Correct?

Author Comment

by:pmaribeiro
ID: 34240339
Yes, that's true, but in the middle I've got distinguished VLANs, so I'll need to allow the ports so the DC can communicate.

Being a DR, the site is far away from our HQ; it's connected by a WAN link, if that matters for the equation.

thanks,

Accepted Solution

by:
jcurrie earned 500 total points
ID: 34242022
The problem is that many of the ports you need are dynamic. You need to open massive port ranges and it really becomes far less secure than you would like it to be.

Here is how I have addressed this situation many times.

1) Create an IPSec policy on both servers to request secure communications between the two servers

http://support.microsoft.com/kb/816514


2) Open the ports necessary in the firewall for the IPSec Tunnel between the two servers
      a) AH
      b) UDP 500
      c) ESP

3) You may also need some other ports like DNS or IKE depending on which particular settings you use for your IPSEC configuration
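
An added example, not part of the original answer: a Python check that the firewall rules between the two DCs pass only what the accepted answer lists (AH, ESP, UDP 500) in both directions, and flag anything wider. The rule format, the addresses and both rule sets are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Per the answer, the firewall only has to pass the IPsec traffic itself:
# AH (IP protocol 51), ESP (IP protocol 50) and UDP 500.
REQUIRED = {("ah", None), ("esp", None), ("udp", (500, 500))}

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    proto: str                                # "tcp", "udp", "ah" or "esp"
    ports: Optional[Tuple[int, int]] = None   # inclusive range; None for AH/ESP

def audit(rules, dc_a, dc_b):
    """Return (missing, excess): IPsec entries absent per direction, and
    DC-to-DC rules that open anything other than the IPsec entries."""
    # Assumption: rules are one-way, so each direction is checked separately.
    allowed = {(dc_a, dc_b): set(), (dc_b, dc_a): set()}
    excess = []
    for r in rules:
        if (r.src, r.dst) not in allowed:
            continue                          # not DC-to-DC traffic
        if (r.proto, r.ports) in REQUIRED:    # exact match; a wider range is excess
            allowed[(r.src, r.dst)].add((r.proto, r.ports))
        else:
            excess.append(r)
    missing = [(src, dst, proto, ports)
               for (src, dst), have in allowed.items()
               for proto, ports in sorted(REQUIRED - have, key=str)]
    return missing, excess

# Constructed sample data: documentation addresses, not values from the thread.
HQ_DC, DR_DC = "192.0.2.10", "198.51.100.10"
def both_ways(proto, ports=None):
    return [Rule(HQ_DC, DR_DC, proto, ports), Rule(DR_DC, HQ_DC, proto, ports)]

# "Open massive port ranges" approach: fixed service ports plus a dynamic range.
WIDE_OPEN = (both_ways("tcp", (135, 135)) + both_ways("tcp", (389, 389))
             + both_ways("tcp", (1024, 65535)))
# IPsec approach from the answer; the DR-to-HQ ESP rule is left out on purpose.
IPSEC_ONLY = (both_ways("ah") + both_ways("udp", (500, 500))
              + [Rule(HQ_DC, DR_DC, "esp")])

if __name__ == "__main__":
    for name, rules in (("wide open", WIDE_OPEN), ("ipsec only", IPSEC_ONLY)):
        missing, excess = audit(rules, HQ_DC, DR_DC)
        print(name, "| missing:", missing, "| excess rules:", len(excess))
```
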

Author Closing Comment

by:pmaribeiro
ID: 34256495
Thanks,

This is the solution I've needed.