Re: Joining a remote user without VPN

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: "Ace Fekay [MVP]" <PleaseAskMe@xxxxxxxxxxxxxx>
Date: Thu, 17 Jan 2008 19:34:44 -0500

In news:5885411e-98ee-4ed7-bf4e-95d4721197ad@xxxxxxxxxxxxxxxxxxxxxxxxxxxx,
beardshall@xxxxxxxxx <beardshall@xxxxxxxxx> typed:

We have an Active Directory domain at our office. The PDC is behind
our PIX firewall. We have a brand new user that is outside of our
firewall in another city, and they would like to join their laptop to
our domain. Is it possible to open specific ports on our firewall for
that new user that would allow the person to join their laptop to our
domain without using something like VPN?

Sure, if you open about 29 ports to the outside world, which is what AD
needs for domain communication.

How to configure a firewall for domains and trustsDescribes the ports that
are used when you configure a trust relationship or domain communications.
http://support.microsoft.com/kb/179442

Use a VPN. If using a PIX, the Cisco VPN client is excellent.

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

.

References:
- Joining a remote user without VPN
  - From: beardshall

Prev by Date: Re: Rename Domain Controller
Next by Date: Re: Unable to Change Admin Password
Previous by thread: Joining a remote user without VPN
Next by thread: Re: Home Folder Creation with subfolders
Index(es):
- Date
- Thread

Relevant Pages

Re: Connecting to XP sp2 machines by VPN
... For PPTP VPN, you need two protocols: TCP, port 1723--which you know all about, and GRE. ... As I understand it, both the XP firewall and the Windows firewall --only require that you open port 1723--they then take care of the GRE stuff automagically. ... Don't open up any of those other protocols you see being dropped, unless there is clear evidence of functionality you need thich is connected to those ports. ... "Jim Behning SBS MVP" wrote: ...
(microsoft.public.windows.server.sbs)
Re: Cant access server over VPN
... I did not check this because I was sure I had opened these ports in the firewall on the server...and indeed I had. ... Think is Windows firewall only opened them to the subnet the server was on. ... Networking, Internet, Routing, VPN Troubleshooting on ...
(microsoft.public.windows.server.networking)
Re: Ports require to open to allow communications between AD 2003
... Also I have some info on locking ports to specific ranges for RPC in general ... Select articles and click on Firewall Ports Needed For Replication there is ... We are not looking in VPN cos the ... We were suggesting that you let the clients connect through ...
(microsoft.public.windows.server.active_directory)
Re: Long time loging to the domain behind the firewall
... It is not my case to use VPN, the servers are in the same building on the same network but behind firewall. ... I just want to know maybe I need to open some extra ports and change registry etc.. ... Basically I would like if the computer detects a slow connection to try using the VPN and then run all the star-up scripts and such. ... Global catalog LDAP over SSL 3269/tcp ...
(microsoft.public.windows.server.active_directory)
Re: Connecting to XP sp2 machines by VPN
... I have no idea which parts of the connections the firewall is blocking. ... have looked at the firewall log and googled the ports that have DROP in the ... "Jim Behning SBS MVP" wrote: ... open port 1723 so what are all the others, are they to do with the VPN ...
(microsoft.public.windows.server.sbs)