An administrator needs to connect ISE to Active Directory as an external authentication source and allow the proper ports through the firewall.
Which two ports should be opened to accomplish this task? (Choose two.)
A. B. C. D. E.
Answer: DE
To connect Cisco Identity Services Engine (ISE) to Active Directory (AD) as an external authentication source, the following ports must be opened through the firewall:
LDAP: Port 389 is used for LDAP authentication. This port should be opened to allow ISE to communicate with the AD domain controller using the LDAP protocol. LDAP is a lightweight protocol used for accessing and managing directory information, such as user accounts and passwords, in AD.
LDAPS: Port 636 is used for secure LDAP (LDAPS) authentication. LDAPS is a protocol that provides encrypted communication between ISE and the AD domain controller using SSL/TLS. This port should be opened if you want to use SSL/TLS for secure communication between ISE and AD.
Therefore, the correct answers are D. LDAP: 389 and E. MSRPC: 445.
TELNET: 23, HTTPS: 443, and HTTP: 80 are not used for authenticating with AD. TELNET is an insecure protocol used for accessing the command-line interface of network devices. HTTPS and HTTP are used for web-based communication and management. MSRPC: 445 is not required for connecting ISE to AD, but it is required for joining a computer to the domain.
In summary, for connecting ISE to AD, ports 389 and 636 should be opened for LDAP and LDAPS authentication respectively.