Active Directory Replication over Firewalls

February 14, 2007


Active Directory Replication over Firewalls: "This white paper explains how to get replication to function properly in environments where an Active Directory directory forest is distributed among internal perimeter networks (also known as DMZ, demilitarized zones, and screened subnets) and external (Internet-facing) networks."

Ran into this issue when attaching a remote office over a gateway-to-gateway VPN involving two Ciscos. The firewall still treated the VPN as an external network and applied firewall rules to it. We didn't follow this (basically added a rule to allow all traffic from this VPN, then locked it down via switch ACLs), but it's good info to have.