
Domain cross the PIX

v6ip
Level 1

What ports need to be opened to put a Microsoft server in the DMZ network and still keep this server a part of the Active Directory that is inside the PIX?

Thanks,

Michael

2 Replies

krampwd
Level 1

The basic ports and protocol are listed below:

UDP 88 Kerberos

TCP 135 SMB

UDP 137 SMB

UDP 138 SMB

TCP 139 SMB

TCP 389 LDAP

TCP 445 Microsoft-DS

But you may have to deal with connections above 1024 as well, depending on what you are doing. How you handle it also depends on if you are using conduits or access-lists.

Monitor the log file for denied connections to see what else needs to be opened up. But every port that is opened reduces the security level between the DMZ and your internal network.

-bill
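
The log-monitoring step suggested above, as an added example that is not part of the original post: a Python script that tallies denied DMZ-to-inside flows from PIX syslog message 106023, so each candidate port can be reviewed before a rule is added. The sample log lines, addresses, interface names and ACL names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample PIX syslog lines; addresses, interface names and ACL
# names are made up for this example.
SAMPLE_LOG = """\
Mar 03 10:15:01 pix %PIX-4-106023: Deny tcp src dmz:192.168.10.5/1045 dst inside:10.1.1.10/88 by access-group "dmz_in"
Mar 03 10:15:02 pix %PIX-4-106023: Deny udp src dmz:192.168.10.5/1046 dst inside:10.1.1.10/53 by access-group "dmz_in"
Mar 03 10:15:04 pix %PIX-4-106023: Deny tcp src dmz:192.168.10.5/1047 dst inside:10.1.1.10/1026 by access-group "dmz_in"
Mar 03 10:15:09 pix %PIX-4-106023: Deny tcp src dmz:192.168.10.5/1048 dst inside:10.1.1.10/1026 by access-group "dmz_in"
Mar 03 10:15:11 pix %PIX-4-106023: Deny tcp src outside:203.0.113.7/4431 dst dmz:192.168.10.5/23 by access-group "outside_in"
Mar 03 10:15:12 pix %PIX-6-302013: Built outbound TCP connection 101 for dmz:192.168.10.5/25 (192.168.10.5/25) to inside:10.1.1.20/1033 (10.1.1.20/1033)
"""

# Message 106023: a packet was denied by an access list.
DENY_RE = re.compile(
    r"%PIX-\d-106023: Deny (?P<proto>\w+) "
    r"src (?P<src_if>[\w-]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_if>[\w-]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)"
)

def denied_flows(log_text, src_if="dmz", dst_if="inside", src_ip=None):
    """Count denied flows per (protocol, destination IP, destination port)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENY_RE.search(line)
        if not m:
            continue  # not an ACL deny (or an ICMP deny without ports)
        if m["src_if"] != src_if or m["dst_if"] != dst_if:
            continue  # only traffic crossing from the DMZ to the inside
        if src_ip and m["src_ip"] != src_ip:
            continue  # only the DMZ server under review
        counts[(m["proto"].upper(), m["dst_ip"], int(m["dst_port"]))] += 1
    return counts

def report(counts):
    """One row per flow, most frequent first, flagging ports above 1024."""
    rows = []
    for (proto, dst_ip, port), hits in sorted(
            counts.items(), key=lambda kv: (-kv[1], kv[0])):
        kind = "dynamic (>1024)" if port > 1024 else "well-known"
        rows.append(f"{hits:>4}  {proto} {dst_ip}:{port}  {kind}")
    return rows

if __name__ == "__main__":
    print("\n".join(report(denied_flows(SAMPLE_LOG, src_ip="192.168.10.5"))))
```

Review each row against what the server actually needs before adding a rule, and scope any new rule to the specific source and destination hosts rather than the whole DMZ.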

The other alternative is to leave the server (email) inside the firewall and open the ports directly from outside to inside for SMTP and HTTP and several others. So I weighed these two options and preferred moving the email server to the DMZ. But I have to deal with the domain.

Thanks,

Michael
