Re: Ports require to open to allow communications between AD 2003



Hi All,

Appreciate so much! Thanks for the info. I have more or less consolidated
necessary ports to be open on my firewall. Will be testing it out soon.

"Paul Bergson [MVP-DS]" wrote:

Here is a Microsoft link

http://support.microsoft.com/kb/179442/en-us

Also I have some info on locking ports to specific ranges for RPC in general
for AD

Check out http://www.pbbergs.com
Select articles and click on Firewall Ports Needed For Replication; there is
info and pointers to KB articles

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Herb Martin" <news@xxxxxxxxxxxxxx> wrote in message
news:excZsxHMHHA.1240@xxxxxxxxxxxxxxxxxxxxxxx

"Shann Lim" <ShannLim@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:AF9527D2-0514-4F40-836B-7F1C853C4AC4@xxxxxxxxxxxxxxxx
Hi,

Thanks for the advice, appreciate it. We are not looking into VPN cos the
clients are not connected to Internet.

The Internet is neither important nor necessary to the idea of
a VPN.

We were suggesting that you let the clients connect through
a VPN that is allowed to penetrate your firewall. (You can
use authentication to get the clients validated for that VPN
connection too.)

Something like DMZ. The AD are within 10.20.X.X, clients within
192.X.X.X.
Firewall between them.

Open a VPN through the firewall, but only for clients that can
authenticate (VPN user credentials, IPSec, RADIUS or
some such).

I read the articles you have given to me but it is for replication. I am
looking out more on ports to allow clients to communicate with AD. Any ideas?

Yes, you can get those either through the articles Laura gave you
or through other similar ones....

Just Google:

[ site:microsoft.com "active directory" authenticate open ports ]

...or some such -- I have found this easily on past occasions, so let
me know if you cannot find it yourself.




