836 Views, 0 Helpful, 1 Replies

How do I allow access to an inside server from a public server and maintain security?

joseph
Level 1

Hi,

I have a Cisco 5510 ASA.

I have an inside AD server that has a data directory that I need to update from an outside server.

We want to maintain the tightest security we can by opening up only the minimum.

Thanks

--Joe

1 Reply

Marvin Rhoads
Hall of Fame

It's not a network management question, but here's how I would do it:

Configure the servers to use LDAP-S (tcp port 636) as your protocol. That encrypts the LDAP traffic in SSL. Put a static NAT on your firewall so the inside server has a unique public IP address. Add a rule to the ASA allowing only the external server's IP to talk to the NAT IP using LDAP-S.

x.x.x.x = local server real IP
y.y.y.y = local server NAT address
z.z.z.z = remote server IP

! One-to-one static NAT (pre-8.3 syntax) and the single permitted flow
static (inside,outside) y.y.y.y x.x.x.x netmask 255.255.255.255
access-list ACL-OUT extended permit tcp host z.z.z.z host y.y.y.y eq 636

This assumes there is no site-site or remote server to site IPSec or SSL VPN.
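The same single-host, single-port rule written in the object-based syntax that ASA 8.3 and later use, as an added example that is not part of Marvin's reply. It assumes the placeholder addresses from the reply and an interface named outside; from 8.3 onward the ACL must match the server's real address rather than its NAT address, and the ACL only takes effect once bound with access-group.

```text
! Added example: ASA 8.3+ equivalent of the NAT and ACL above.
! x.x.x.x, y.y.y.y and z.z.z.z are the placeholders from the reply.
object network LOCAL-AD-SERVER
 host x.x.x.x
 description inside AD server (real address)
 nat (inside,outside) static y.y.y.y
!
object network REMOTE-SERVER
 host z.z.z.z
!
! From 8.3 onward the ACL is evaluated against the real (pre-NAT)
! address, so the rule references LOCAL-AD-SERVER (x.x.x.x), not y.y.y.y.
access-list ACL-OUT extended permit tcp object REMOTE-SERVER object LOCAL-AD-SERVER eq 636
!
! An explicit logged deny makes rejected attempts visible in syslog and hit counters.
access-list ACL-OUT extended deny ip any any log
!
! Nothing is enforced until the ACL is bound to the outside interface.
access-group ACL-OUT in interface outside
!
! Verification after applying:
!   show access-list ACL-OUT   (hit counts per line)
!   show nat detail            (confirm the static translation)
```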