Re: any logging when ipsec blocks a port? how to determine which ports need to be opened?

From: Mark Swift [MSFT] (mswif_at_online.microsoft.com)
Date: 08/24/04


Date: Tue, 24 Aug 2004 14:33:54 -0700

You can also enable IPSec Driver dropped packet event logging. Search for
EnableDiagnostics on this page:

http://www.microsoft.com/resources/documentation/windowsserv/2003/standard/proddocs/en-us/sag_ipsec_tools.asp

-- 
Mark Swift
Software Test Engineer
IP Security
Windows Networking
Microsoft
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples is subject to the terms specified at 
http://www.microsoft.com/info/cpyright.htm
"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message 
news:g_uQc.211094$%_6.31020@attbi_s01...
> Not really. The link below is a KB article about troubleshooting ipsec but mostly relates to negotiation failures.
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;257225
>
> Your best bet would be to use a packet sniffer like Ethereal to see what packets are not getting responses from what computers and on what ports. The link below may be of help on what ports are necessary for network functioning in a NT4.0 domain.
> ---
> Steve
>
> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B179442
>
> Windows NT
>      Client Port(s)   Server Port   Service
>      1024-65535/TCP   135/TCP       RPC *
>      137/UDP          137/UDP       NetBIOS Name
>      138/UDP          138/UDP       NetBIOS Netlogon and Browsing
>      1024-65535/TCP   139/TCP       NetBIOS Session
>      1024-65535/TCP   42/TCP        WINS Replication
>
>
> "Les Caudle" <very@tiredofspam.com> wrote in message
> news:i5p4h0phaa5gbkindav51skdb8m2m7vmvd@4ax.com...
>> I'd like to be able to lock down some office machines - so that the users can share files, browse out through the proxy server, log onto the NT4 PDC domain - but pretty much lock down everything else. (Is there a FAQ on this?)
>>
>> As ports are blocked by ipsec during configuration, some necessary ports may get blocked. Is there a way to tell which ports were trying to get in and out (and were blocked) so that ipsec could be tweaked a bit?
>> --
>> Thanks in advance, Les Caudle
>
> 
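Steve's sniffer approach above, worked through as an added example that is not from the thread: the script below takes packet summaries (a constructed sample standing in for an Ethereal capture; the tuple layout, `SAMPLE` and `unanswered_flows` are all assumptions) and lists the connection attempts from the locked-down host that never got a packet back from the remote socket. Those are the candidate ports an IPsec filter is silently dropping.

```python
# Added example: find outbound TCP SYNs and UDP datagrams that never got a
# reply, grouped by remote host and port. Constructed sample data, not a
# real capture; the tuple layout is an assumption for this example.
from collections import defaultdict

# Constructed sample capture, one tuple per packet:
# (time, src, sport, dst, dport, proto, flags)
# flags: "S" = SYN, "SA" = SYN/ACK, "" = no flags (UDP or plain data).
SAMPLE = [
    (0.00, "10.0.0.5", 1034, "10.0.0.1", 135, "tcp", "S"),   # RPC
    (0.01, "10.0.0.1", 135,  "10.0.0.5", 1034, "tcp", "SA"),  # answered
    (0.10, "10.0.0.5", 137,  "10.0.0.1", 137, "udp", ""),     # NetBIOS name
    (0.11, "10.0.0.1", 137,  "10.0.0.5", 137, "udp", ""),     # answered
    (0.50, "10.0.0.5", 1035, "10.0.0.1", 139, "tcp", "S"),   # NetBIOS session
    (3.50, "10.0.0.5", 1035, "10.0.0.1", 139, "tcp", "S"),   # SYN retransmit
    (1.00, "10.0.0.5", 1036, "10.0.0.2", 42,  "tcp", "S"),   # WINS replication
]


def unanswered_flows(packets, local):
    """Return [(remote, rport, proto, attempts)] for every flow that `local`
    initiated and for which no packet ever came back from the same remote
    socket. `attempts` counts retransmits, so a repeated SYN shows up as 2."""
    attempts = defaultdict(int)  # (remote, rport, proto, lport) -> sends
    answered = set()             # same key shape, seen in the reverse direction
    for _t, src, sport, dst, dport, proto, flags in packets:
        if src == local and (proto == "udp" or flags == "S"):
            attempts[(dst, dport, proto, sport)] += 1
        elif dst == local:
            answered.add((src, sport, proto, dport))
    silent = defaultdict(int)    # (remote, rport, proto) -> total attempts
    for key, n in attempts.items():
        if key not in answered:
            silent[key[:3]] += n
    return sorted((r, p, proto, n) for (r, p, proto), n in silent.items())


def report(packets, local):
    """Print one line per unanswered flow; returns the row count."""
    rows = unanswered_flows(packets, local)
    for remote, port, proto, n in rows:
        print(f"{local} -> {remote}:{port}/{proto}  no reply ({n} attempt(s))")
    return len(rows)


if __name__ == "__main__":
    report(SAMPLE, "10.0.0.5")
```

A silent flow only tells you the remote socket never answered; cross-check against the port table Steve quotes before opening it, because a host that is simply down or a service that is not running looks the same in the capture.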
