Re: TCP/IP Filtering Question

From: Herb Martin (news_at_LearnQuick.com)
Date: 01/26/05


Date: Wed, 26 Jan 2005 16:13:38 -0600


"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:#0vvSF$AFHA.2540@TK2MSFTNGP09.phx.gbl...
> For what you are doing you might want to try ipsec filtering policy using
> permit and block filter actions instead on that router computer.

Follow Steven's advice (or use RRAS filters if this is
on a router).

Steve's advice to use IPSec is excellent and far too few
people realize how well IPSec works and how general
it is APART from doing the actual IPSec-Encryption.

Block and Pass are quite effective.

> If you do
> not want the same ipsec policy applied to both adapters, then configure the
> actual IP address of the network adapter you want to filter instead of "my
> address". Ipsec filtering will not block multicast and broadcast traffic,
> kerberos, IKE, or RSVP traffic by default if that is a concern, though a
> registry mod can change most of that. Ipsec can also manage traffic in both
> directions. The link below explains more. ---- Steve

-- 
Herb Martin
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:#0vvSF$AFHA.2540@TK2MSFTNGP09.phx.gbl...
> For what you are doing you might want to try ipsec filtering policy using
> permit and block filter actions instead on that router computer. If you do
> not want the same ipsec policy applied to both adapters, then configure the
> actual IP address of the network adapter you want to filter instead of "my
> address". Ipsec filtering will not block multicast and broadcast traffic,
> kerberos, IKE, or RSVP traffic by default if that is a concern, though a
> registry mod can change most of that. Ipsec can also manage traffic in both
> directions. The link below explains more.  ---- Steve
>
> http://www.securityfocus.com/infocus/1559
>
> "Marcus" <Marcus@discussions.microsoft.com> wrote in message
> news:9A90D9A0-EC72-4982-9A75-E1AA60323DDB@microsoft.com...
> > I have a Windows 2000 Server acting as a router between two different
> > networks (10.29.x.x and 10.22.x.x). I want to configure network 10.29.x.x to
> > be only able to get to the server/router through port 443. I have tried
> > enabling TCP/IP filtering on that network's NIC accepting only port 443,
> > however, all this has done is block the PCs from getting an IP address from
> > the DHCP server. Once I give the workstation a static IP in the 10.29.x.x
> > range all traffic goes right through NIC and ignores the TCP/IP filters.
> > Thanks for any help.
>
>
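
The permit/block IPsec filtering policy Steve describes, written out for Marcus's scenario as an added example that is not part of the thread. It uses the netsh ipsec static context that ships with Windows XP/2003 (on Windows 2000 the same filter-list / filter-action / rule / assign steps were done with the Resource Kit's ipsecpol.exe or the IPSec MMC snap-in); the router's 10.29-side NIC address 10.29.0.1 is an assumed placeholder.

```batch
@echo off
REM Added example, not code from the thread. Assumed: the router's NIC on the
REM 10.29.x.x side has the address 10.29.0.1 (replace with the real address).
set NIC_IP=10.29.0.1
set NET=10.29.0.0
set MASK=255.255.0.0
set POL=Router-10.29-Filter

REM Policy created unassigned so nothing takes effect until the last step.
netsh ipsec static add policy name=%POL% description="Only TCP/443 from 10.29.x.x to this NIC" assign=no

REM Filter actions are plain permit and block: no negotiation, no encryption,
REM which is the "IPsec as a packet filter" use Steve is talking about.
netsh ipsec static add filteraction name=FA-Permit action=permit
netsh ipsec static add filteraction name=FA-Block action=block

REM Filter list 1: HTTPS from the 10.29 network to the NIC's own address.
REM Naming the real NIC address instead of "My IP address" keeps this policy
REM from also matching the 10.22 adapter on the same machine.
netsh ipsec static add filterlist name=FL-Allow443
netsh ipsec static add filter filterlist=FL-Allow443 srcaddr=%NET% srcmask=%MASK% dstaddr=%NIC_IP% dstmask=255.255.255.255 protocol=TCP srcport=0 dstport=443 mirrored=yes

REM Filter list 2: everything else from the 10.29 network to that address.
netsh ipsec static add filterlist name=FL-BlockRest
netsh ipsec static add filter filterlist=FL-BlockRest srcaddr=%NET% srcmask=%MASK% dstaddr=%NIC_IP% dstmask=255.255.255.255 protocol=ANY mirrored=yes

REM IPsec applies the most specific matching filter, not rule order, so the
REM TCP/443 permit wins over the broad block for HTTPS and the block wins for
REM everything else. Broadcast/multicast (hence DHCP), Kerberos, IKE and RSVP
REM stay exempt by default, as Steve notes, unless the registry default is changed.
netsh ipsec static add rule name=Allow443 policy=%POL% filterlist=FL-Allow443 filteraction=FA-Permit
netsh ipsec static add rule name=BlockRest policy=%POL% filterlist=FL-BlockRest filteraction=FA-Block

netsh ipsec static set policy name=%POL% assign=y

REM Verify what is actually active before trusting it; then test from a
REM 10.29 client that 443 answers and another port (e.g. 445) does not.
netsh ipsec static show policy name=%POL% level=verbose
```

Note that these filters only govern traffic addressed to the NIC itself; traffic that the server merely routes on to 10.22.x.x is matched by the address fields, not by which adapter it arrived on, so add filters for the routed destinations if those must be restricted too.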

