Internet Locator Service and Lightweight
Directory Access Protocol
Microsoft developed the Internet Locator Service (ILS) protocol for use in products
such as NetMeeting, SiteServer, and Active Directory services. It is based on
Lightweight Directory Access Protocol (LDAP) version 2. The main purpose of
ILS application inspection is to let internal users communicate locally, even while
www.syngress.com
Advanced PIX Configurations • Chapter 4 165
registered to outside LDAP servers. This is done by inspecting LDAP messages
traversing the firewall and performing NAT when necessary. There is no PAT
support, because only IP addresses are stored on the server. When attempting
translation of an IP address, the PIX searches its internal XLATE table first, then
DNAT tables. If neither contains the appropriate address, it is left unchanged.
NOTE
If you use only nat 0 (that is, you do not use NAT) and do not expect DNAT
communications, ILS fixup can be turned off safely. Turning it off will
also improve the firewall's performance.
The command to configure application inspection for ILS is as follows:
[no] fixup protocol ils [
The default port is 389 (standard LDAP port). As with all other configurable
inspection features, you can see the current configuration using the show fixup
command.
ILS/LDAP communications run on a client/server model over TCP, so
there is no need for any temporary conduits to be opened by the PIX. During
client/server communications, the PIX monitors for ADD requests and
SEARCH responses, decoding them with BER decode functions; parses the
message for IP addresses; translates them as necessary; encodes the message back,
and sends the modified packet to its destination.
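The decode, translate, and re-encode cycle described above, together with the XLATE-then-DNAT lookup order, can be sketched in Python. This is an added example, not PIX code: the translation tables, the sample message layout, and all function names are constructed assumptions, and only single-byte tags with definite lengths are handled.

```python
import re
# Constructed translation tables (assumptions): local address -> global address.
XLATE = {"10.1.1.5": "192.0.2.5"}
DNAT = {"10.1.1.77": "192.0.2.177"}
IP_RE = re.compile(rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def translate(ip):
    """Lookup order from the text: XLATE first, then DNAT, else leave unchanged."""
    return XLATE.get(ip) or DNAT.get(ip) or ip

def read_len(buf, i):
    """Decode a BER definite length at buf[i]; return (length, index of value)."""
    first = buf[i]
    if first < 0x80:                      # short form
        return first, i + 1
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or i + 1 + n > len(buf):
        raise ValueError("indefinite or truncated length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def write_len(n):
    if n < 0x80:                          # shortest definite-length encoding
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, value):
    return bytes([tag]) + write_len(len(value)) + value

def rewrite(buf):
    """Walk the TLVs, translate addresses in primitive values, re-encode lengths."""
    out, i = bytearray(), 0
    while i < len(buf):
        tag = buf[i]
        if tag & 0x1F == 0x1F:
            raise ValueError("multi-byte tags are not handled here")
        length, j = read_len(buf, i + 1)
        if j + length > len(buf):
            raise ValueError("value runs past end of buffer")
        value = buf[j:j + length]
        if tag & 0x20:                    # constructed: recurse into children
            value = rewrite(value)
        else:                             # primitive: rewrite embedded addresses
            value = IP_RE.sub(lambda m: translate(m.group().decode()).encode(), value)
        out += tlv(tag, value)
        i = j + length
    return bytes(out)
# Constructed sample, not a real ILS schema: SEQUENCE { "ipAddress", SET { "10.1.1.5" } }
SAMPLE = tlv(0x30, tlv(0x04, b"ipAddress") + tlv(0x31, tlv(0x04, b"10.1.1.5")))
```

The translated address is one byte longer than the original, so every enclosing length field changes; this is why the message has to be fully re-encoded rather than patched in place.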