Looking for (what I hope is) a quick clarification after reading through the following documentation:
http://support.microsoft.com/kb/233256
http://www.microsoft.com/en-us/download/details.aspx?id=16797
It appears that the default filtering exemption for Kerberos doesn't exist past Windows 2000, so I assume that by default, if you create an Any/Any rule, Kerberos (port 88) is now included. Now, if you are looking to use Kerberos for authentication and the traffic is routing through a firewall, are the following ports all that would need to be opened?
- 50, 51 (possibly), and 500 (UDP)
In other words, are you able to use Kerberos for authentication on IPSec through a firewall assuming that you are looking to use Any/Any for the specified endpoints? The endpoints in this example would be two domain controllers in the same domain/forest.
Any insight would be appreciated as some of the documentation available seems to be a bit older.
Thanks!