AD replication over sites & adding SVR to domain over Firewall.

Thread starter: Guest
Can you please help with your expert comment:

We are having 3 sites, one is Prim & the rest 2 are DR sites (say for e.g. B & C),
separated from each other by firewall through an Infinity link. Site C server
crashed, so we reinstalled the OS, but when we try to add the machine to the domain, it
doesn't get added & gives an error. So kindly can you tell us, apart from the below
mentioned ports, is any other port required? Same for site B, AD doesn't get
replicated. Port 135 is vulnerable to virus; we don't want to open ports
135, 445, 137, 138, 139 too. Servers' addresses are NATed too for security
reasons, so with this NATed environment & eliminating ports 135, 445, can you please
help me to achieve this. I have made the RPC port for AD replication & the
RPC port for FRS static in the registry too.

Ports not opened (135, 137, 138, 139 and 445)

Ports opened: tcp [49152, 48153, 389, 636, 3268, 3269, 88, 53, 3389, 20, 21]

udp [389, 88, 53]

Does IPsec in Windows work fine with NAT in Windows 2000? Can we explore this
option too?
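As an added example, not part of this thread or of Microsoft's own tooling: the registry values that pin AD replication, FRS and Netlogon to static RPC ports (the values documented in Microsoft KB 224196 and KB 319553), followed by a reachability check from the other site of the ports a replication partner or a machine joining the domain still needs. It is written in PowerShell for a current Windows Server; the Windows 2000 DCs in the question predate PowerShell, where the same values are set with regedit, and FRS has since been replaced by DFSR. The DC name and the port numbers are assumptions. One point the check makes visible: a static port does not remove TCP 135 from the list, because the calling DC still asks the endpoint mapper on 135 which port to use and merely gets a predictable answer, and a domain join still needs SMB on 445.

```powershell
# Added example (not from the thread). Pin AD replication, FRS and Netlogon
# RPC traffic to static ports on a DC, then verify reachability from a DC in
# another site. Port numbers and the DC name below are assumptions.

$NtdsPort    = 49152   # assumed static port for AD replication (DRSR)
$FrsPort     = 49153   # assumed static port for FRS SYSVOL replication
$NetlogonPort = 49154  # assumed static port for Netlogon (domain join, trusts)

# 1. Pin the ports in the registry (run on each DC, then restart the DC so
#    NTDS, NTFRS and Netlogon re-register with the endpoint mapper).
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters' `
    -Name 'TCP/IP Port' -Type DWord -Value $NtdsPort
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters' `
    -Name 'RPC TCP/IP Port Assignment' -Type DWord -Value $FrsPort
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' `
    -Name 'DCTcpipPort' -Type DWord -Value $NetlogonPort

# 2. From a DC in the remote site, probe the TCP ports that replication and a
#    domain join still need. 135 stays on the list: the static port only makes
#    the endpoint mapper's answer predictable, it does not remove the lookup.
$RemoteDc = 'dc-siteb.corp.example'   # assumed name of the partner DC
$Checks = @(
    @{ Port = 135;           Why = 'RPC endpoint mapper (still required with static ports)' },
    @{ Port = $NtdsPort;     Why = 'AD replication (pinned DRSR port)' },
    @{ Port = $FrsPort;      Why = 'FRS SYSVOL replication (pinned port)' },
    @{ Port = $NetlogonPort; Why = 'Netlogon (pinned port)' },
    @{ Port = 445;           Why = 'SMB: domain join, SYSVOL and Group Policy' },
    @{ Port = 389;           Why = 'LDAP' },
    @{ Port = 636;           Why = 'LDAPS' },
    @{ Port = 3268;          Why = 'Global Catalog' },
    @{ Port = 88;            Why = 'Kerberos' },
    @{ Port = 53;            Why = 'DNS' }
)
foreach ($c in $Checks) {
    $r = Test-NetConnection -ComputerName $RemoteDc -Port $c.Port -WarningAction SilentlyContinue
    $state = if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' }
    '{0,-6} {1,-8} {2}' -f $c.Port, $state, $c.Why
}
# Test-NetConnection only probes TCP; UDP 53, 88 and 389 need a separate
# check (a Kerberos or DNS query against the remote DC).

# 3. On the pinned DC, confirm the service really listens on the static port,
#    then let repadmin report whether replication with the partner succeeds.
Get-NetTCPConnection -State Listen -LocalPort $NtdsPort |
    Select-Object LocalAddress, LocalPort, OwningProcess
repadmin /showrepl $env:COMPUTERNAME
```

If the row for 135 or 445 reads BLOCKED, the firewall rule set in the question cannot support a domain join no matter how the RPC ports are pinned; that is the gap a site-to-site VPN closes, since the tunnel carries all of these ports without exposing any of them on the outside interface.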
 
Innu said:
> Can you please help with your expert comment:
>
> We are having 3 sites, one is Prim

Prim? Primary?

> & the rest 2 are DR sites (say for e.g. B & C)

DR? What do you mean?

> separated from each other by firewall through an Infinity link. Site C server
> crashed, so we reinstalled the OS, but when we try to add the machine to the
> domain, it doesn't get added & gives an error. So kindly can you tell us,
> apart from the below mentioned ports, is any other port required? Same for
> site B, AD doesn't get replicated. Port 135 is vulnerable to virus; we don't
> want to open ports 135, 445, 137, 138, 139 too. Servers' addresses are NATed
> too for security reasons, so with this NATed environment & eliminating
> ports 135, 445, can you please help me to achieve this. I have made the RPC
> port for AD replication & the RPC port for FRS

Create a VPN and just open the VPN between the sites without opening
ANYTHING on the Internet.

> static in the registry too.
>
> Ports not opened (135, 137, 138, 139 and 445)
>
> Ports opened: tcp [49152, 48153, 389, 636, 3268, 3269, 88, 53, 3389, 20, 21]
>
> udp [389, 88, 53]
>
> Does IPsec in Windows work fine with NAT in Windows 2000? Can we explore
> this option too?

It works fine from OUTSIDE-NAT1-to-OutsideNAT2 -- it cannot be translated
THROUGH the NAT since some of the required (translated) fields are
checksummed or encrypted.

You can use a (raw) IPSec tunnel as a VPN if you prefer that to using RRAS
with L2TP/IPSec.
 
-----------------------------------------------------------------------
Hello Martin,
Thanks for your reply. I got one more option when I was searching on the net. Can
SSH for Windows be used to accomplish this with tunneling as a client? Because,
as per our networking guys, they can't implement VPN/IPsec in our router.

Thanks & Regards,
Unni
 
Innu said:
> Hello Martin,
> Thanks for your reply. I got one more option when I was searching on the net.
> Can SSH for Windows be used to accomplish this with tunneling as a client?
> Because, as per our networking guys, they can't implement VPN/IPsec in our
> router.

If you add software to both sides -- client and server, or two peers -- as SSH
does not come with Windows.

What modern router cannot do IPSec? Unless it is a cheap or old one it
should do that.

If not, you might use PPTP and open this through the router.
 