Skip to content

Cisco ASA

21/03/2014

Here’s a few bits for a Cisco ASA to allow Windows Domain Services.

e.g. you need a DMZ server to be a member server of a domain on the internal LAN.

object-group service Windows_KDC
description Windows KDC
service-object tcp-udp eq 88
service-object tcp-udp eq 464
service-object udp eq 389
object-group service Windows_LSASS
description Windows LSASS
service-object tcp eq 3268
service-object tcp eq 3269
service-object tcp-udp eq 389
service-object tcp eq ldaps
service-object tcp eq 135
service-object udp eq ntp
object-group service Windows_DNS
description Windows DNS
service-object tcp-udp eq domain
object-group service Windows_Browser
description Windows Browser
service-object udp eq netbios-ns
service-object udp eq netbios-dgm
service-object tcp eq netbios-ssn
object-group service Windows_DCE-RPC
description Windows DCE-RPC
service-object tcp eq 1026
service-object tcp eq 1025
object-group service Windows_Dfs
description Windows Dfs
service-object udp eq netbios-dgm
service-object tcp eq netbios-ssn
service-object tcp-udp eq 389
service-object tcp eq 445
service-object tcp eq 135
object-group service Windows_Domain_Services
description Windows Domain services
group-object Windows_Browser
group-object Windows_LSASS
group-object Windows_DNS
group-object Windows_KDC
group-object Windows_DCE-RPC
group-object Windows_Dfs

Advertisements

From → Uncategorized

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: