trent1980
IS-IT--Management
- Dec 18, 2002
- 36
We upgraded to Active Directory and now our DMZ Windows2k server won't authenticate through our PIX firewall ... what ports are we supposed to open? I've read a bunch of different websites but none are helping -- I tried to open these ports below, but it just hangs and then fails trying to authenticate --
conduit permit tcp host 192.168.100.60 eq ldap any (hitcnt=0)
conduit permit udp host 192.168.100.60 eq 135 any (hitcnt=0)
conduit permit tcp host 192.168.100.60 eq 135 any (hitcnt=76)
conduit permit udp host 192.168.100.60 eq 88 any (hitcnt=4)
conduit permit tcp host 192.168.100.60 eq 88 any (hitcnt=0)
conduit permit tcp host 192.168.100.60 eq 137 any (hitcnt=0)
conduit permit tcp host 192.168.100.60 eq domain any (hitcnt=0)
conduit permit udp host 192.168.100.60 eq domain any (hitcnt=70)
conduit permit tcp host 192.168.100.60 eq 3268 any (hitcnt=0)
conduit permit udp host 192.168.100.60 eq 1512 any (hitcnt=0)
conduit permit tcp host 192.168.100.60 eq 1512 any (hitcnt=0)
conduit permit tcp host 192.168.100.60 eq 445 any (hitcnt=0)
conduit permit udp host 192.168.100.60 eq 445 any (hitcnt=0)
conduit permit udp host 192.168.100.60 eq netbios-dgm any (hitcnt=12246)
----
The only luck I have is opening all dynamic ports 1024 and higher (i.e. 1024 to 65000).
Do we have to open all those ports?