Re: IPSec policy is not working like it should

From: David Beder [MSFT] (dbeder_at_online.microsoft.com)
Date: 04/08/04


Date: Thu, 8 Apr 2004 00:21:23 -0700

I'm not sure how you can force all your traffic to go out a single port.
Almost all of your applications are going to be given dynamic outbound ports
(i.e. they'll get a different one each time). Do you have some sort of port
translation software? Even if you did get this to happen or instead use the
dynamic outbound port, that will let you push traffic out, but when it
returns, your inbound filters are going to block it.

It sounds like you're looking for a firewall, not data protection.

-- 
David
Microsoft Windows Networking
This posting is provided "AS IS" with no warranties, and confers no rights.
"Arjen" <arjensteur@hotmail.com> wrote in message 
news:f2dfcd96.0404070402.46b34b02@posting.google.com...
> Hello,
>
> I've got a Windows Server 2003 Web-Edition installed on my webserver
> which is placed somewhere else. I designed IP Security policies to
> this machine which work fine.
> - All inbound ports are blocked at first (no mirroring)
> - Inbound Port 80, 443 (http/https) enabled (no mirroring)
> - Inbound Port 3389, 6699 (Terminal Services and RDC) enabled from a
> specific IP address (no mirroring)
>
> * Inbound means that the source IP is 'Any IP address' and the
> destination IP is 'My IP address'.
>
> This works fine! But I can't get the following rules to work. They are
> a little redundant, but nevertheless they should work I think. My
> question is how to get these rules to work correctly.
>
> - All Outbound ports are opened (not mirrored)
> - Outbound 25 is opened. (not mirrored) (I know this one is also
> implied by the upper one but just to make sure.)
>
> The problem is I can't visit any website or send any mail through port
> 25 to an outside computer. When I unassign the policy everything
> works fine! Please help!!!
>
> Greetings
>
> Arjen 
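The following is an added illustration, not code from this thread or from Microsoft. It models the point in the reply above: Windows IPsec applies the most specific matching filter to each packet, and a non-mirrored outbound filter creates no inbound filter for the reply, so the reply (source port 80 or 25, destination a dynamic port on the server) is caught by the block-all inbound filter. It also shows the usual fix of ticking "Mirrored" on the specific outbound filters rather than on the catch-all one, since a mirrored catch-all is exactly as specific as the block-all inbound filter and the model flags that as a conflict. All addresses, port numbers and the scoring of "specific" are constructed for the model.

```python
"""Model of Windows IPsec filter evaluation: most specific matching filter wins.

Added example, not code from the newsgroup thread. Assumed: a filter's
specificity is the number of fields it pins down (source/destination address,
source/destination port); equally specific filters with opposite actions are
reported as a conflict rather than guessed. Addresses below are constructed.
"""
from dataclasses import dataclass

ANY = "any"
ME = "192.0.2.10"          # constructed: the web server's own address ('My IP address')
ADMIN = "198.51.100.200"   # constructed: the one address allowed to reach RDP
ANY_PORT = 0


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Filter:
    src_ip: str      # ME, ANY or a literal address
    src_port: int    # ANY_PORT or a port number
    dst_ip: str
    dst_port: int
    action: str      # "permit" or "block"

    def matches(self, p: Packet) -> bool:
        return (self.src_ip in (ANY, p.src_ip)
                and self.dst_ip in (ANY, p.dst_ip)
                and self.src_port in (ANY_PORT, p.src_port)
                and self.dst_port in (ANY_PORT, p.dst_port))

    def specificity(self) -> int:
        return sum([self.src_ip != ANY, self.dst_ip != ANY,
                    self.src_port != ANY_PORT, self.dst_port != ANY_PORT])

    def mirrored(self) -> "Filter":
        # What the 'Mirrored' tick box adds: the same filter with source and
        # destination (address and port) swapped, same action.
        return Filter(self.dst_ip, self.dst_port, self.src_ip, self.src_port, self.action)


def decide(filters, p: Packet) -> str:
    hits = sorted((f for f in filters if f.matches(p)),
                  key=Filter.specificity, reverse=True)
    if not hits:
        return "permit"  # no filter matches: IPsec leaves the packet alone
    if (len(hits) > 1 and hits[0].specificity() == hits[1].specificity()
            and hits[0].action != hits[1].action):
        return "conflict"  # two equally specific filters disagree; outcome is not defined by the model
    return hits[0].action


def original_policy():
    """The poster's rule set: nothing mirrored."""
    return [
        Filter(ANY, ANY_PORT, ME, ANY_PORT, "block"),     # all inbound blocked
        Filter(ANY, ANY_PORT, ME, 80, "permit"),          # inbound HTTP
        Filter(ANY, ANY_PORT, ME, 443, "permit"),         # inbound HTTPS
        Filter(ADMIN, ANY_PORT, ME, 3389, "permit"),      # RDP from one address
        Filter(ME, ANY_PORT, ANY, ANY_PORT, "permit"),    # all outbound, not mirrored
        Filter(ME, ANY_PORT, ANY, 25, "permit"),          # outbound SMTP, not mirrored
    ]


def mirrored_specific_policy():
    """Same, plus mirrored outbound filters for the services the server must reach."""
    outbound = [Filter(ME, ANY_PORT, ANY, port, "permit") for port in (80, 443, 25)]
    return original_policy() + outbound + [f.mirrored() for f in outbound]


def mirrored_catchall_policy():
    """Mirroring the catch-all outbound filter instead: collides with block-all inbound."""
    catchall = Filter(ME, ANY_PORT, ANY, ANY_PORT, "permit")
    return original_policy() + [catchall.mirrored()]


# Constructed packets: a reply from a remote web server, a reply from a remote
# mail server, a legitimate inbound HTTP request, and a probe at SMB.
WEB_REPLY = Packet("203.0.113.5", 80, ME, 49152)
SMTP_REPLY = Packet("203.0.113.25", 25, ME, 49153)
HTTP_REQUEST = Packet("198.51.100.7", 52000, ME, 80)
SMB_PROBE = Packet("198.51.100.7", 52001, ME, 445)

if __name__ == "__main__":
    for name, policy in (("original", original_policy()),
                         ("mirrored specific", mirrored_specific_policy()),
                         ("mirrored catch-all", mirrored_catchall_policy())):
        for label, pkt in (("web reply", WEB_REPLY), ("smtp reply", SMTP_REPLY),
                           ("http request", HTTP_REQUEST), ("smb probe", SMB_PROBE)):
            print(f"{name:20} {label:13} -> {decide(policy, pkt)}")
```

In the unmirrored policy the web and SMTP replies are blocked while the inbound HTTP request is permitted, which is exactly the symptom described. Mirroring the specific outbound filters permits the replies and still blocks the probe at port 445; mirroring the catch-all instead produces a tie between "permit everything inbound" and "block everything inbound", which is why the specific filters are the ones to mirror.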

