ifred asked:

DMZ box logon to DC

I have a Windows box on the DMZ interface of my Cisco ASA 5510. This Windows box needs to be able to authenticate against a domain controller on the inside interface.

Clients on the inside interface need to be able to access file sharing on this DMZ box.

Can somebody assist with the TCP/UDP ports required to do that and the access lists?

Currently I have the domain controller/DNS on a static NAT mapped to the DMZ.
Tags: Cisco, Active Directory, Networking

Last comment: Pete Long, 8/22/2022 (Mon)
Mike Kline

Have you seen the document "AD in the perimeter network"?

http://www.microsoft.com/en-us/download/details.aspx?id=3957

There is a section there that discusses ports. They also go into using RODCs in the DMZ, which is not a bad option.

Thanks

Mike
ifred (asker):

I will likely move to an RODC in the DMZ later on; for now I just need to make this as transparent as possible.
ASKER CERTIFIED SOLUTION
Pete Long

ifred (asker):

I am not doing this yet, but I verified this worked in lab. Thanks
Mike Kline

Good post by Pete, one caveat: in 2008 the high ports are from

49152 - 65535

Still a lot of ports, but not as bad as 1024+

Thanks

Mike
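As an added illustration of Mike's caveat (not from any answer on this page), this is what the host-to-host ACL on the ASA's dmz interface looks like when it is narrowed to the Windows Server 2008+ dynamic RPC range instead of everything above 1024. Addresses and the ACL name are constructed; the remaining AD ports are not listed here and come from the Microsoft document linked above.

```cisco
! Constructed example addresses: 10.10.10.5 = DMZ server, 192.168.1.10 = inside DC
! (on pre-8.3 ASA code the ACL references the DC's NAT-mapped DMZ-side address instead)
!
! Broad rule matching the pre-2008 dynamic RPC behaviour (1024+), shown for contrast only:
! access-list DMZ_IN extended permit tcp host 10.10.10.5 host 192.168.1.10 range 1024 65535
!
! RPC endpoint mapper: the client asks it which dynamic port a given RPC service is on
access-list DMZ_IN extended permit tcp host 10.10.10.5 host 192.168.1.10 eq 135
! Windows Server 2008 and later dynamic RPC range (the caveat in Mike's comment)
access-list DMZ_IN extended permit tcp host 10.10.10.5 host 192.168.1.10 range 49152 65535
! The other AD ports (LDAP, Kerberos, SMB, DNS, ...) from the Microsoft document are added
! as further host-to-host lines in this same ACL; everything else from the DMZ stays denied
access-group DMZ_IN in interface dmz
```

Keeping the rule host-to-host matters as much as the port range: the DMZ box should reach only the DC, not the whole inside subnet, so a compromise of the DMZ host exposes one well-defined path that can be logged and watched.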
Pete Long

Nice one Mike, I'll amend my notes - I wrote that about 7 years ago!

ThanQ