Channel: Directory Services forum

2008 R2 DCs through Firewall with IPSec


Looking for (what I hope is) a quick clarification after reading through the following documentation:

http://support.microsoft.com/kb/233256

http://www.microsoft.com/en-us/download/details.aspx?id=16797

It appears that the default filtering exemption for Kerberos doesn't exist past Windows 2000, so I assume that by default, if you create an Any/Any rule, Kerberos (port 88) is now included. Now, if you are looking to use Kerberos for authentication and the traffic is routing through a firewall, are the following ports all that would need to be opened?

 - 50, 51 (possibly), and 500 (UDP)

In other words, are you able to use Kerberos for authentication on IPSec through a firewall assuming that you are looking to use Any/Any for the specified endpoints?  The endpoints in this example would be two domain controllers in the same domain/forest.

Any insight would be appreciated as some of the documentation available seems to be a bit older.

Thanks!


