Question #1 I have a domain forest in my current WAN. I have been asked to tighten up security by implementing ACLs between VLANs. My problem is this: I have, say, office A on VlanA with the main controller and office B on VlanB with a child controller. What ports am I going to have to open up between those VLANs so the two servers can talk to each other and keep Active Directory happy?
Question #2 Would I need to open the same ports if, say, a workstation was on a different VLAN than the server it authenticates with? Not sure this would happen, but just wanted to know in the event I run into that.
I have all offices connected via point-to-point T1, switches are all Cisco 3550s, and all servers are Compaq DL series of one flavor or another.
The goal is to open only the ports needed to have the servers talk to each other and keep Active Directory working, allow clients to authenticate and all the other server functions, and block everything else.