Hello,
Checking the integration guide for AD and Cisco (https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/ise_active_directory_integration/b_ISE_AD_integration_2x.html#reference_94BE6ABB85BC47C8AEC29EF8D286E6E4), there is a table that indicates the network ports that must be open for communications.
The first entry is the following:
| Protocol | Port (remote-local) | Target | Authenticated | Notes |
|---|---|---|---|---|
| DNS (TCP/UDP) | Random number greater than or equal to 49152 | DNS Servers/AD Domain Controllers | No | — |
The way I read it is that we perform DNS queries from ISE nodes against DNS Servers/AD Domain Controllers not on the normal port 53 but on a random port >= 49152. Is it correct?
I have been capturing traffic between my ISE nodes and AD and I did not see any connection to ports >= 49152 on DNS Servers/Domain Controllers.
Thanks.
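As an added example (not from this thread or the Cisco guide), a small Python script that takes a capture summary and reports, for each DNS conversation, which end sits on port 53 and which end uses a port in the IANA dynamic range (49152 and above), so the guide's "remote-local" column can be compared against observed traffic. The flow lines and addresses are constructed: 10.0.0.10 stands in for an ISE node and 10.0.0.53 for a DC/DNS server.

```python
"""Classify DNS conversations from a capture summary by which endpoint
uses the DNS service port and which uses an ephemeral port."""
import re
from collections import Counter

EPHEMERAL_MIN = 49152   # start of the IANA dynamic/private port range
DNS_PORT = 53

# Constructed sample flows: "<proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
# 10.0.0.10 = hypothetical ISE node, 10.0.0.53 = hypothetical DC/DNS server.
SAMPLE_FLOWS = """\
UDP 10.0.0.10:49321 -> 10.0.0.53:53
UDP 10.0.0.10:55012 -> 10.0.0.53:53
TCP 10.0.0.10:61873 -> 10.0.0.53:53
UDP 10.0.0.10:51337 -> 10.0.0.53:49876
TCP 10.0.0.10:34567 -> 10.0.0.53:53
"""

FLOW_RE = re.compile(r"^(TCP|UDP)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)$")


def parse_flows(text):
    """Parse summary lines into (proto, src_ip, src_port, dst_ip, dst_port)."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FLOW_RE.match(line)
        if not m:
            raise ValueError(f"unparseable flow line: {line!r}")
        proto, sip, sport, dip, dport = m.groups()
        flows.append((proto, sip, int(sport), dip, int(dport)))
    return flows


def classify(flow, local_hosts):
    """Label a flow by its remote port and local port, seen from local_hosts."""
    _proto, sip, sport, _dip, dport = flow
    local_port, remote_port = (sport, dport) if sip in local_hosts else (dport, sport)
    if remote_port == DNS_PORT and local_port >= EPHEMERAL_MIN:
        return "dns-remote-53-local-ephemeral"
    if remote_port == DNS_PORT:
        return "dns-remote-53-local-below-49152"
    if remote_port >= EPHEMERAL_MIN:
        return "remote-ephemeral"
    return "other"


def summarize(text, local_hosts):
    """Count flows per label; local_hosts is the set of ISE node addresses."""
    return Counter(classify(f, local_hosts) for f in parse_flows(text))


if __name__ == "__main__":
    for label, count in summarize(SAMPLE_FLOWS, {"10.0.0.10"}).items():
        print(f"{label}: {count}")
```

Hosts whose ephemeral range starts lower than 49152 (Linux defaults to 32768) will show up under the "local-below-49152" label, which is worth knowing before treating the count as a firewall-rule mismatch.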