
VPN Tunnel blocks replication


doctor2001 (IS-IT--Management), Oct 21, 2001
Hi-
I have a Pix 501 on one side of the tunnel and a 515 on the other. It seems that if I block inside ports on my 515 the W2K servers don't replicate. I have been able to open some ports and am now getting partial replication. Does anyone know the full list of ports that must be open to allow this??

Thanks-
 
HI.

If applicable, you can open all the ports from inside to the other network behind the VPN.
I use something like this in a similar scenario:

My side: 10.0.0.0/24
Other side behind VPN: 192.168.1.0

# This should be the first line in the access-list:
access-list frominside permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0
# Now start opening ports for regular traffic:
access-list frominside permit .....

Instead of permitting the whole network, you can specify only the W2K server(s) that you wish.

Another option - you are talking about Active Directory replication, right?
If so, make sure that you define different AD sites for each network, and then you can configure AD to replicate using SMTP instead of IP. This requires only email connectivity instead of many open ports.

Bye
Yizhar Hurwitz
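Added example (not from this thread): a small Python model of the PIX first-match access-list evaluation, using the same subnets as the reply above. It shows how each packet is resolved against the list and why opening only a couple of service ports still leaves other replication traffic (for example the RPC endpoint mapper on TCP 135) falling through to the implicit deny. The ACL text, the two "already opened" ports (389 and 88) and the host addresses are constructed for the demonstration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class AclEntry:
    action: str               # "permit" or "deny"
    proto: str                # "ip", "tcp" or "udp"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]      # None = any destination port

def parse_acl(text: str) -> List[AclEntry]:
    """Parse 'access-list NAME permit|deny PROTO SRC MASK DST MASK [eq PORT]' lines.
    '#' lines are comments; only the mask syntax used in the thread is handled (no 'host')."""
    entries = []
    for line in text.splitlines():
        t = line.split()
        if not t or t[0].startswith("#"):
            continue
        src = ipaddress.IPv4Network(f"{t[4]}/{t[5]}")
        dst = ipaddress.IPv4Network(f"{t[6]}/{t[7]}")
        dport = int(t[9]) if len(t) > 9 and t[8] == "eq" else None
        entries.append(AclEntry(t[2], t[3], src, dst, dport))
    return entries

def evaluate(acl, proto, src_ip, dst_ip, dport):
    """PIX semantics: the first matching entry wins; anything unmatched hits the implicit deny."""
    s, d = ipaddress.IPv4Address(src_ip), ipaddress.IPv4Address(dst_ip)
    for e in acl:
        if e.proto in ("ip", proto) and s in e.src and d in e.dst \
                and (e.dport is None or e.dport == dport):
            return e.action
    return "deny (implicit)"

# Constructed ACLs: NARROW opens only two service ports (LDAP 389 and Kerberos 88, chosen as
# plausible "some ports"); FIXED puts the reply's blanket permit in front of them.
NARROW = """
access-list frominside permit tcp 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 389
access-list frominside permit tcp 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0 eq 88
"""
FIXED = "access-list frominside permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0\n" + NARROW

if __name__ == "__main__":
    # The RPC endpoint mapper (TCP 135) is part of AD replication; NARROW never permits it.
    for name, acl in (("narrow", NARROW), ("fixed", FIXED)):
        for port in (389, 135):
            print(name, port, evaluate(parse_acl(acl), "tcp", "10.0.0.5", "192.168.1.10", port))
```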
 
Thanks Guys,
I will give this a try and update you.
 
Worked great !!!

I was missing the first line
access-list frominside permit ip 10.0.0.0 255.255.255.0 192.168.1.0 255.255.255.0

Now I feel really silly !!!

 