How to do 2008 r2 AD replication over a FW?

acl03 · Mar 1, 2013

We have a 2008 R2 domain in a 2003 functional level forest. We will be removing the one 2003 domain left and then promoting the forest to 2008 R2 native mode.

We need to have one of our 2008 domains replicate over a firewall. After researching, there seem to be 3 ways to do it:

1. Open everything needed in the FW
2. Limit RPC traffic to a single port, then open FW
3. Use IPsec for replication

Any recommendations as to the best one? Any issues or problems that can arise with #2 or #3?

Some experience from anyone who's done this before would be great. Thanks!

-Andrew

Thanks,
Andrew

[smarty]

Hard work often pays off over time, but procrastination pays off right now!

jkupski · Mar 1, 2013

I suggest a VPN (i.e. ipsec). We did this for a few years before we had our MPLS links, and it worked fairly well with a total of eleven DCs at eight sites on three continents, and your average site had a T1 worth of bandwidth that was shared for all traffic.

acl03 · Mar 4, 2013

Thanks!

Thanks,
Andrew

[smarty]

Hard work often pays off over time, but procrastination pays off right now!

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

How to do 2008 r2 AD replication over a FW?

acl03

MIS

jkupski

MIS

acl03

MIS

Similar threads

Part and Inventory Search

Sponsor