Re: TCP/IP Filtering Question

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 01/26/05


Date: Wed, 26 Jan 2005 16:52:10 -0600

Ipsec "filtering" simply uses the ipsec policy with permit and block filter
actions to create a packet filtering firewall on your network adapter. I was
not referring to using ipsec to encrypt the traffic. The advantage of ipsec
policy is that it is built in, takes effect right after assigning, and does
not require a reboot. --- Steve

"Marcus" <Marcus@discussions.microsoft.com> wrote in message
news:C2BBBD78-683B-4DA0-8599-EE13C5EB20AF@microsoft.com...
> The idea behind what I'm trying to do is to implement the open source SSL
> Explorer on the Windows 2000 Server, which would supply secure communications
> to workstations with a SSL VPN tunnel. Since the VPN is SSL, it only needs
> access to port 443. By shutting down all TCP/IP ports, except 443, this will
> allow users to have a secure gateway into the other network through the
> Windows server. The main goal is to avoid IPSec. Does anyone have any other
> ideas? Thanks.
>
> "Steven L Umbach" wrote:
>
>> For what you are doing you might want to try ipsec filtering policy using
>> permit and block filter actions instead on that router computer. If you do
>> not want the same ipsec policy applied to both adapters, then configure the
>> actual IP address of the network adapter you want to filter instead of "my
>> address". Ipsec filtering will not block multicast and broadcast traffic,
>> kerberos, IKE, or RSVP traffic by default if that is a concern, though a
>> registry mod can change most of that. Ipsec can also manage traffic in both
>> directions. The link below explains more. ---- Steve
>>
>> http://www.securityfocus.com/infocus/1559
>>
>> "Marcus" <Marcus@discussions.microsoft.com> wrote in message
>> news:9A90D9A0-EC72-4982-9A75-E1AA60323DDB@microsoft.com...
>> > I have a Windows 2000 Server acting as a router between two different
>> > networks (10.29.x.x and 10.22.x.x). I want to configure network 10.29.x.x
>> > to be only able to get to the server/router through port 443. I have tried
>> > enabling TCP/IP filtering on that network's NIC accepting only port 443,
>> > however, all this has done is block the PCs from getting an IP address from
>> > the DHCP server. Once I give the workstation a static IP in the 10.29.x.x
>> > range all traffic goes right through NIC and ignores the TCP/IP filters.
>> > Thanks for any help.
>>
>>
>>

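The following is an added illustration, not code from either poster or from Microsoft: a small Python model of how the permit/block filter actions Steve describes behave on a Windows 2000 box, so you can see why a "block everything to this adapter" filter plus a more specific "permit TCP 443" filter gives the result Marcus wants, why the reply direction is covered (filters are mirrored), and which traffic the default exemptions let through regardless. The router address 10.29.0.1, the workstation addresses and every packet below are constructed sample values. Two modelling assumptions are labelled in the code: the most specific matching filter wins (rather than rule order), and the NoDefaultExempt registry value removes only the Kerberos and RSVP exemptions while broadcast, multicast and IKE stay exempt. The model covers traffic addressed to or from the router's own adapter address, which is the case Steve is describing, not packets the box forwards between the two subnets.

```python
"""Simplified model of Windows 2000 IPsec permit/block filtering.
Added example; not Microsoft's implementation. Sample data is constructed."""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional

ANY = None  # wildcard for an address, port or protocol field


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str  # "TCP", "UDP", "ICMP", "RSVP"
    sport: int = 0
    dport: int = 0


@dataclass(frozen=True)
class Filter:
    """One mirrored IPsec filter: it also matches the reversed direction,
    which is how the policy 'manages traffic in both directions'."""
    src: Optional[str]
    dst: Optional[str]
    proto: Optional[str]
    sport: Optional[int]
    dport: Optional[int]
    action: str  # "permit" or "block"

    def _match_one(self, p, a_src, a_dst, a_sport, a_dport):
        pairs = [(a_src, p.src), (a_dst, p.dst), (self.proto, p.proto),
                 (a_sport, p.sport), (a_dport, p.dport)]
        return all(f is ANY or f == v for f, v in pairs)

    def matches(self, p):
        return (self._match_one(p, self.src, self.dst, self.sport, self.dport)
                or self._match_one(p, self.dst, self.src, self.dport, self.sport))

    def specificity(self):
        # Assumption: the filter with the most explicit fields wins.
        return sum(f is not ANY for f in
                   (self.src, self.dst, self.proto, self.sport, self.dport))


def is_default_exempt(p, no_default_exempt=False):
    """Traffic the thread says IPsec filtering never blocks by default:
    broadcast, multicast, IKE (UDP 500), Kerberos (88) and RSVP.
    Assumption: NoDefaultExempt=1 drops only the Kerberos and RSVP
    exemptions; broadcast, multicast and IKE remain exempt."""
    dst = ip_address(p.dst)
    if dst == ip_address("255.255.255.255") or dst.is_multicast:
        return True
    if p.proto == "UDP" and 500 in (p.sport, p.dport):
        return True
    if no_default_exempt:
        return False
    if p.proto in ("TCP", "UDP") and 88 in (p.sport, p.dport):
        return True
    return p.proto == "RSVP"


def evaluate(filters, p, no_default_exempt=False):
    """Return the action applied to packet p under the given filter list."""
    if is_default_exempt(p, no_default_exempt):
        return "permit (default exemption)"
    hits = [f for f in filters if f.matches(p)]
    if not hits:
        return "permit (no filter)"
    return max(hits, key=Filter.specificity).action


# Policy bound to the actual 10.29-side adapter address (constructed value
# 10.29.0.1) rather than "my address", so the 10.22 adapter is untouched.
ROUTER_10_29 = "10.29.0.1"
POLICY = [
    Filter(ROUTER_10_29, ANY, ANY, ANY, ANY, "block"),        # block all
    Filter(ROUTER_10_29, ANY, "TCP", 443, ANY, "permit"),     # except TCP 443
]

if __name__ == "__main__":
    samples = [  # constructed packets
        Packet("10.29.5.7", ROUTER_10_29, "TCP", 51000, 443),   # SSL VPN
        Packet(ROUTER_10_29, "10.29.5.7", "TCP", 443, 51000),   # its reply
        Packet("10.29.5.7", ROUTER_10_29, "TCP", 51001, 445),   # SMB
        Packet("0.0.0.0", "255.255.255.255", "UDP", 68, 67),    # DHCP discover
        Packet("10.29.5.7", ROUTER_10_29, "TCP", 51002, 88),    # Kerberos
        Packet("10.22.3.4", "10.22.0.1", "TCP", 40000, 445),    # other adapter
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(POLICY, pkt))
```

Running it shows the 443 session and its reply permitted, SMB to the 10.29 address blocked, the DHCP broadcast passing on the default exemption (which is exactly what plain TCP/IP filtering broke for Marcus), Kerberos passing until `no_default_exempt=True` is set, and traffic to the 10.22 adapter address unaffected because the filters name the 10.29 address explicitly.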

