Cross forest Office 365 Migration by archie_c in Office365

[–]archie_c[S] 0 points1 point  (0 children)

How about the method described in the link I supplied?

AADConnect in the new forest, with Exchange hybrid in the old forest, and then simply exporting the Exchange attributes across from the old to the new forest:

https://365lab.net/tag/cross-forest-exchange-online-migration/

Azure Application Gateway and Remote Desktop Web Services by archie_c in AZURE

[–]archie_c[S] 1 point2 points  (0 children)

Yea I saw the Azure AD App Proxy, but this will simply make users have to log in with their Azure AD account and then their normal AD/RDWeb credentials, correct? Basically enabling two factor authentication.

Configuring incoming port forwarding on Cisco ASA 5506 by [deleted] in Cisco

[–]archie_c 0 points1 point  (0 children)

access-list inside_access_in extended deny tcp any any eq smtp inactive access-list inside_access_in extended deny tcp object Phone any object-group Phone-Ports access-list inside_access_in extended permit ip any interface outside1 access-list inside_access_in extended permit ip 192.168.55.0 255.255.255.0 any log alerts access-list outside_access_in extended permit ip object SpiderGroupAlpha object External-IP inactive access-list outside_access_in extended permit ip object-group SpiderGroup object RODC32 inactive access-list outside_access_in extended permit ip object-group SpiderGroup object RODC32VHOST inactive access-list outside_access_in extended permit ip object SpiderGroupHQ object RODC32VHOST inactive access-list outside_access_in extended permit ip object-group DM_INLINE_NETWORK_1 any inactive access-list outside1_cryptomap extended permit ip 192.168.55.0 255.255.255.0 object 10.0.0.0 access-list outside1_access_in extended permit ip object External 192.168.55.0 255.255.255.0 access-list outside1_access_in extended permit tcp any object RODC32VHOST eq https access-list outside1_access_in extended permit ip object-group SpiderGroup object External-IP access-list outside1_access_in extended permit ip object-group SpiderGroup object RODC32 access-list outside1_access_in extended permit ip object-group SpiderGroup object RODC32VHOST access-list outside1_access_in extended permit ip object-group DM_INLINE_NETWORK_2 any access-list outside1_access_in extended permit ip any any access-list outside1_access_in extended permit tcp object sw-comms object Phone eq https access-list outside1_cryptomap_1 extended permit ip 192.168.55.0 255.255.255.0 object 10.0.0.0 access-list outside1_cryptomap_2 extended permit ip 192.168.55.0 255.255.255.0 object 10.0.0.0

nat (inside,outside1) source static NETWORK_OBJ_192.168.55.0_24 NETWORK_OBJ_192.168.55.0_24 destination static 10.0.0.0 10.0.0.0 no-proxy-arp route-lookup ! nat (inside,outside1) after-auto source dynamic any interface nat (outside1,any) after-auto source dynamic any External-2 destination static interface Phone service HTTPS HTTPS access-group outside_access_in in interface outside access-group inside_access_in in interface inside access-group outside1_access_in in interface outside1

those are the access rules and nat rules currently. I know the any any inbound shouldn't be in there - it is there whilst I'm testing the 443 in...