
How do I allow access to an inside server from a public server and maintain security?

joseph
Level 1

Hi,

I have a Cisco 5510 ASA.

I have an inside AD server that has a data directory that I need to update from an outside server.

We want to maintain the tightest security we can by opening up only the minimum.

Thanks

--Joe

1 Reply

Marvin Rhoads
Hall of Fame

It's not a network management question, but here's how I would do it:

Configure the servers to use LDAP-S (tcp port 636) as your protocol. That encrypts the LDAP traffic in SSL. Put a static NAT on your firewall so the inside server has a unique public IP address. Add a rule to the ASA allowing only the external server's IP to talk to the NAT IP using LDAP-S.

x.x.x.x = local server real IP
y.y.y.y = local server NAT address
z.z.z.z = remote server IP

! pre-8.3 ASA syntax: one-to-one static NAT for the inside AD server
static (inside,outside) y.y.y.y x.x.x.x netmask 255.255.255.255
! permit only the remote server, only to the NAT address, only on tcp/636
access-list ACL-OUT extended permit tcp host z.z.z.z host y.y.y.y eq 636
! the ACL has no effect until it is bound to the outside interface
! (binding line added to complete the posted snippet; replaces any ACL already bound there)
access-group ACL-OUT in interface outside

This assumes there is no site-site or remote server to site IPSec or SSL VPN.
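The same rule set in the object-based NAT syntax the ASA adopted in software release 8.3. The 5510 runs both 8.2 and 8.3+ code, and on 8.3+ the `static (inside,outside)` form above is rejected. This is an added example, not part of Marvin's reply; the object names are assumed, and x.x.x.x / y.y.y.y / z.z.z.z keep the meanings given above. Two 8.3+ details matter for the "open only the minimum" goal: the ACL now matches the real (untranslated) inside address rather than the NAT address, and the static NAT itself can be limited to tcp/636 so no other port on y.y.y.y ever has a translation.

```cisco
! Assumed object names (not from the original post)
object network REMOTE-UPDATE-SERVER
 description the one outside host allowed in
 host z.z.z.z
!
object network AD-SERVER-PUBLIC
 description public address presented to the remote server
 host y.y.y.y
!
! Port-restricted static NAT: only tcp/636 arriving at y.y.y.y is translated
! to x.x.x.x. Any other port on y.y.y.y has no xlate and is dropped before
! the ACL is even consulted.
object network AD-SERVER-REAL
 description inside AD server, real address
 host x.x.x.x
 nat (inside,outside) static AD-SERVER-PUBLIC service tcp 636 636
!
! On 8.3+ the inbound ACL is written against the REAL inside address
! (AD-SERVER-REAL = x.x.x.x), not the NAT address as in the pre-8.3 syntax.
access-list ACL-OUT extended permit tcp object REMOTE-UPDATE-SERVER object AD-SERVER-REAL eq 636
!
! Binding replaces any ACL already applied inbound on outside; merge if one exists.
access-group ACL-OUT in interface outside
```

To check the result before the remote server tries to connect, run `packet-tracer input outside tcp z.z.z.z 40000 y.y.y.y 636` (expected: the NAT phase shows the translation to x.x.x.x and the final action is ALLOW) and then the same command with destination port 389 or a different source address (expected: DROP). Once traffic flows, `show access-list ACL-OUT` shows hit counts on the single permit entry and `show xlate` shows the one tcp/636 translation. The firewall only controls reachability; the remote server must still validate the AD server's certificate for LDAP-S to provide the encryption Marvin relies on.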
