Re: TCP/IP Filtering Question

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 01/26/05


Date: Wed, 26 Jan 2005 16:53:23 -0600

Thanks Herb, I learned everything I know from you - including my bad habits
:) --- Steve

"Herb Martin" <news@LearnQuick.com> wrote in message
news:#3gSYb$AFHA.3664@TK2MSFTNGP14.phx.gbl...
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:#0vvSF$AFHA.2540@TK2MSFTNGP09.phx.gbl...
>> For what you are doing you might want to try ipsec filtering policy using
>> permit and block filter actions instead on that router computer.
>
> Follow Steven's advice (or use RRAS filters if this is
> on a router).
>
> Steve's advice to use IPSec is excellent and far too few
> people realize how well IPSec works and how general
> it is APART from doing the actual IPSec-Encryption.
>
> Block and Pass are quite effective.
>
>> If you do not want the same ipsec policy applied to both adapters, then
>> configure the actual IP address of the network adapter you want to filter
>> instead of "my address". Ipsec filtering will not block multicast and
>> broadcast traffic, kerberos, IKE, or RSVP traffic by default if that is a
>> concern, though a registry mod can change most of that. Ipsec can also
>> manage traffic in both directions. The link below explains more. ---- Steve
>
>
>
> --
> Herb Martin
>
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:#0vvSF$AFHA.2540@TK2MSFTNGP09.phx.gbl...
>> For what you are doing you might want to try ipsec filtering policy using
>> permit and block filter actions instead on that router computer. If you do
>> not want the same ipsec policy applied to both adapters, then configure the
>> actual IP address of the network adapter you want to filter instead of "my
>> address". Ipsec filtering will not block multicast and broadcast traffic,
>> kerberos, IKE, or RSVP traffic by default if that is a concern, though a
>> registry mod can change most of that. Ipsec can also manage traffic in both
>> directions. The link below explains more. ---- Steve
>>
>> http://www.securityfocus.com/infocus/1559
>>
>> "Marcus" <Marcus@discussions.microsoft.com> wrote in message
>> news:9A90D9A0-EC72-4982-9A75-E1AA60323DDB@microsoft.com...
>> >I have a Windows 2000 Server acting as a router between two different
>> > networks (10.29.x.x and 10.22.x.x). I want to configure network 10.29.x.x
>> > to be only able to get to the server/router through port 443. I have tried
>> > enabling TCP/IP filtering on that network's NIC accepting only port 443,
>> > however, all this has done is block the PCs from getting an IP address
>> > from the DHCP server. Once I give the workstation a static IP in the
>> > 10.29.x.x range all traffic goes right through NIC and ignores the TCP/IP
>> > filters.
>> > Thanks for any help.
>>
>>
>
>
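
A small model of the permit/block filtering described in the quoted advice, added here as an illustration and not taken from the thread or from Windows itself. The adapter addresses, the specificity ranking and the simplified, destination-only exemption checks are assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp", "udp", "rsvp", ...
    dport: int = 0

@dataclass(frozen=True)
class Filter:
    src: str            # CIDR
    dst: str            # CIDR
    proto: str          # protocol name or "any"
    dport: int          # 0 means any port
    action: str         # "permit" or "block"

def default_exempt(p):
    # Simplified stand-ins for the traffic classes named in the thread.
    if p.dst == "255.255.255.255" or ipaddress.ip_address(p.dst).is_multicast:
        return True                                      # broadcast / multicast
    if p.proto == "rsvp" or (p.proto == "udp" and p.dport == 500):
        return True                                      # RSVP / IKE
    return p.proto in ("tcp", "udp") and p.dport == 88   # Kerberos

def matches(f, p):
    return (ipaddress.ip_address(p.src) in ipaddress.ip_network(f.src)
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(f.dst)
            and f.proto in ("any", p.proto) and f.dport in (0, p.dport))

def specificity(f):
    # Assumed ranking: longer prefixes, then a named protocol and port, win.
    return (ipaddress.ip_network(f.src).prefixlen
            + ipaddress.ip_network(f.dst).prefixlen
            + (f.proto != "any") + (f.dport != 0))

def decide(policy, p):
    if default_exempt(p):
        return "exempt"
    hits = [f for f in policy if matches(f, p)]
    return max(hits, key=specificity).action if hits else "unfiltered"

def https_only(server_ips):
    # Permit TCP 443 and block everything else, per listed server address.
    rules = []
    for ip in server_ips:
        rules.append(Filter("0.0.0.0/0", ip + "/32", "tcp", 443, "permit"))
        rules.append(Filter("0.0.0.0/0", ip + "/32", "any", 0, "block"))
    return rules

# Constructed adapter addresses for the router in the question.
ONE_ADAPTER = https_only(["10.29.0.1"])               # actual adapter IP
MY_ADDRESS = https_only(["10.29.0.1", "10.22.0.1"])   # "my address": every adapter
```

With `ONE_ADAPTER` the 10.22.x.x side is left unfiltered, while `MY_ADDRESS` applies the same permit/block pair to both adapters; a DHCP broadcast is reported as `exempt` under either policy.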


