ISE-AD - DNS to ports => 49152

victguti
Level 1

Hello,

Checking the integration guide for AD and Cisco (https://www.cisco.com/c/en/us/td/docs/security/ise/2-2/ise_active_directory_integration/b_ISE_AD_integration_2x.html#reference_94BE6ABB85BC47C8AEC29EF8D286E6E4), there is a table that indicates the network ports that must be open for communications.

The first entry is the following:

Protocol      | Port (remote-local)                          | Target                            | Authenticated | Notes
DNS (TCP/UDP) | Random number greater than or equal to 49152 | DNS Servers/AD Domain Controllers | No            |

The way I read it is that we perform DNS queries from ISE nodes against DNS Servers/AD Domain Controllers not on the normal port 53 but on a random port >= 49152. Is it correct?

I have been capturing traffic between my ISE nodes and AD and I did not see any connection to ports >= 49152 on the DNS Servers/Domain Controllers.

Thanks.

1 Reply

Ben Walters
Level 3

The ISE servers will send out requests to DNS/AD controllers using high ports in the range from 49152 to 65535 as the source port with port 53 as the destination.

I just did a quick capture on our firewall that is in front of our ISE server and saw DNS requests with a source port of 46870 bound for 53 on our AD server.
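As an added example (not code from this thread or from Cisco), a small check that turns the reply above into something you can run against your own capture: it takes tcpdump-style lines, keeps only the DNS packets, and reports whether the DNS/AD side is always port 53 and whether every ISE-side source port fell inside the 49152-65535 range the Cisco table describes. The capture lines, addresses and names are constructed; one query deliberately uses source port 46870, as seen in the reply, which is below 49152 and therefore gets flagged.

```python
import re
from dataclasses import dataclass

# Dynamic/ephemeral source-port range that the table's "random number >= 49152" refers to
EPHEMERAL_MIN, EPHEMERAL_MAX = 49152, 65535
DNS_PORT = 53
# Pulls "src.sport > dst.dport" out of an IPv4 tcpdump line (IPv6 lines are ignored)
_FLOW_RE = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

@dataclass
class DnsFlow:
    src: str
    sport: int
    dst: str
    dport: int

    def is_query(self) -> bool:
        # ISE -> DNS/AD direction: the server side is always destination port 53
        return self.dport == DNS_PORT

def parse_dns_flows(lines):
    """Keep only packets with port 53 on one side; LDAP, Kerberos etc. are dropped."""
    flows = []
    for line in lines:
        m = _FLOW_RE.search(line)
        if m:
            src, sport, dst, dport = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
            if DNS_PORT in (sport, dport):
                flows.append(DnsFlow(src, sport, dst, dport))
    return flows

def summarize(flows):
    """What a firewall between ISE and AD must permit, and whether the documented range held."""
    queries = [f for f in flows if f.is_query()]
    return {
        "queries": len(queries),
        "dst_ports": sorted({f.dport for f in queries}),  # expect [53] only
        "client_ports_below_49152": sorted(f.sport for f in queries if f.sport < EPHEMERAL_MIN),
    }

# Constructed sample capture (not the thread's firewall); 10.0.0.5 = ISE node, 10.0.0.10 = DC
SAMPLE_CAPTURE = [
    "12:00:01.000000 IP 10.0.0.5.52012 > 10.0.0.10.53: 4321+ A? dc1.example.com. (33)",
    "12:00:01.000400 IP 10.0.0.10.53 > 10.0.0.5.52012: 4321 1/0/0 A 10.0.0.10 (49)",
    "12:00:02.000000 IP 10.0.0.5.46870 > 10.0.0.10.53: 4322+ SRV? _ldap._tcp.example.com. (45)",
    "12:00:02.100000 IP 10.0.0.5.50201 > 10.0.0.10.389: Flags [S], seq 1, win 64240, length 0",
]
```

If `client_ports_below_49152` is not empty, the ISE host is using a wider dynamic range than the table states, so a firewall rule written literally as "source 49152-65535, destination 53" would drop some lookups; a rule keyed on destination port 53 alone avoids that.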