https://community.cisco.com/t5/network-security/deploying-an-rodc-in-a-perimeter-network/m-p/1869651#M491877 <HTML><HEAD></HEAD><BODY><P>Will do thank u.</P></BODY></HTML> Wed, 14 Dec 2011 11:39:11 GMT jamesfick 2011-12-14T11:39:11Z https://community.cisco.com/t5/network-security/deploying-an-rodc-in-a-perimeter-network/m-p/1869646#M491872 <P>We need to deploy a RODC in a perimeter network and allow replication via IPsec through our ASA from the DC.&nbsp; Was wondering if anyone here has done this and if so could you share with me what worked and didn't work.&nbsp; We are using several Microsoft documents to do this deployment but none of the documents can agree on what ports are needed to be opened on the ASA to allow this traffic through, and from which direction.</P><P></P><P>Any help or advice would be greatly appreciated.&nbsp; Thank you.</P><P></P><P>Jim</P> Mon, 11 Mar 2019 21:58:29 GMT https://community.cisco.com/t5/network-security/deploying-an-rodc-in-a-perimeter-network/m-p/1869646#M491872 jamesfick 2019-03-11T21:58:29Z https://community.cisco.com/t5/network-security/deploying-an-rodc-in-a-perimeter-network/m-p/1869647#M491873 <HTML><HEAD></HEAD><BODY><P>RODC as in Read-Only Domain Controller? </P><P></P><P>I see so many deployment guides on google as well.&nbsp; Best thing to do is watch the logs on the ASA and look for denied packets due to access-list message and selectively open ports for those that are blocked.</P><P></P><P><A class="jive-link-external-small" href="http://forums.techarena.in/active-directory/1303925.htm">http://forums.techarena.in/active-directory/1303925.htm</A></P><P></P><P>Enable logging on the ASA:</P><P>conf t</P><P>loggin on</P><P>logging buffered 7</P><P>exit</P><P>sh logg | i x.x.x.x (where x.x.x.x is the iP address of RODC)</P><P></P><P>-Kureli</P></BODY></HTML> Thu, 08 Dec 2011 22:01:18 GMT https://community.cisco.com/t5/network-security/deploying-an-rodc-in-a-perimeter-network/m-p/1869647#M491873 Kureli Sankar 2011-12-08T22:01:18Z https://community.cisco.com/t5/network-security/deploying-an-rodc-in-a-perimeter-network/m-p/1869648#M491874 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I have been doing this exercise during this week.</P><P>I have used this document:</P><P><A href="http://technet.microsoft.com/en-us/library/dd728028(WS.10).aspx">http://technet.microsoft.com/en-us/library/dd728028(WS.10).aspx</A> - Required communication ports</P><P></P><P>And also, required communication on 135-139 (udp i tcp) and 80 (tcp) toward CA.</P><P></P><P>Everything seems to be working with this setup ok.</P><P></P><P>It all has been done on one ASA (from DMZ to trusted server network).</P><P>But if you use IPSec, I suppose that IPsec is created from ASA (not from Windows server), so port requirements should be same.</P><P></P><P>Please rate if help.</P><P></P><P>Pavel</P></BODY></HTML> Fri, 09 Dec 2011 09:32:45 GMT https://community.cisco.com/t5/network-security/deploying-an-rodc-in-a-perimeter-network/m-p/1869648#M491874 Pavel Pokorny 2011-12-09T09:32:45Z https://community.cisco.com/t5/network-security/deploying-an-rodc-in-a-perimeter-network/m-p/1869649#M491875 <HTML><HEAD></HEAD><BODY><P>Thank you for the info, I will look over the document.</P><P></P><P></P><P></P><P>James Fick</P><P>Security Engineer</P><P>2501 Jolly Road, Suite 180</P><P>Okemos, MI 48917</P><P>Tel: 517-324-8304</P><P>Fax: 517-324-7364</P><P></P><P><A href="Description: MPHI_logo_102_2607 111709.JPG"></A></P><P>www.mphi.org<></></P><P>Working with You to Promote Health</P><P><A href="Description: MPHI 2 color wave.jpg"></A></P></BODY></HTML> Tue, 13 Dec 2011 13:41:41 GMT https://community.cisco.com/t5/network-security/deploying-an-rodc-in-a-perimeter-network/m-p/1869649#M491875 jamesfick 2011-12-13T13:41:41Z https://community.cisco.com/t5/network-security/deploying-an-rodc-in-a-perimeter-network/m-p/1869650#M491876 <HTML><HEAD></HEAD><BODY><P>Good work Kureli....Deserves a high 5!!&nbsp;&nbsp; James, please rate the query and mark it as answered.&nbsp;&nbsp; Regards,&nbsp; Ankur thukral&nbsp; Community Manager: Security and VPN</P></BODY></HTML> Wed, 14 Dec 2011 10:53:44 GMT https://community.cisco.com/t5/network-security/deploying-an-rodc-in-a-perimeter-network/m-p/1869650#M491876 athukral 2011-12-14T10:53:44Z https://community.cisco.com/t5/network-security/deploying-an-rodc-in-a-perimeter-network/m-p/1869651#M491877 <HTML><HEAD></HEAD><BODY><P>Will do thank u.</P></BODY></HTML> Wed, 14 Dec 2011 11:39:11 GMT https://community.cisco.com/t5/network-security/deploying-an-rodc-in-a-perimeter-network/m-p/1869651#M491877 jamesfick 2011-12-14T11:39:11Z