IPSec policy

Joel Gacosta

Hello All,

I want to implement IPSec policy on my server with 2 ethernet cards (one with
public IP connected to Internet and one connected to private LAN). I want to
filter incoming traffic on public IP to allow only port 80 while allowing
all outbound traffic from my private LAN to pass. How can I accomplish
this using IP Filter List?

thanks in advance!
 
Steven L Umbach

IPsec is a non-stateful packet filtering mechanism and you will not really
be able to do what you want if you want to allow all outbound traffic
because you will have to create a mirrored rule to allow traffic back into
any port/protocol which will effectively leave everything open. If you want
to allow only specific outbound traffic you can build a more effective
packet filtering firewall. IPsec is not meant to be an internet firewall, at
least as the first line of defense. A much better solution would be to get
an inexpensive NAT router/firewall to protect your server. If you still want
to pursue IPsec, see the link below on how to configure a policy with permit
and deny filter actions. If you want a filter to apply to only a particular
network adapter, enter the IP address of that network adapter instead of
"my IP" in the filter source or destination. --- Steve

http://www.securityfocus.com/infocus/1559
http://support.microsoft.com/kb/811832 -- ipsec information on default
exemptions.
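
Added example, not part of the original thread: a simplified Python model of the mirrored-rule problem described in the reply above, next to a stateful filter for comparison. The addresses, ports and class names are constructed for illustration, and the model assumes a block-all default; it is not Windows' actual IPsec filter engine.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

PUBLIC_IP = "203.0.113.10"  # constructed address for the public adapter
ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class PermitFilter:
    """Stateless permit filter; port 0 means any port. Protocol is not modelled."""
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    mirrored: bool = True

    def _hit(self, p, src, dst, sport, dport):
        return (ip_address(p.src) in ip_network(src) and ip_address(p.dst) in ip_network(dst)
                and sport in (0, p.sport) and dport in (0, p.dport))

    def matches(self, p):
        # A mirrored filter also matches with source and destination swapped.
        return self._hit(p, self.src, self.dst, self.sport, self.dport) or (
            self.mirrored and self._hit(p, self.dst, self.src, self.dport, self.sport))

def stateless_permits(filters, p):
    # Assumption: anything no permit filter matches is blocked (a block-all rule).
    return any(f.matches(p) for f in filters)

class StatefulFilter:
    """For comparison: inbound is allowed only to open ports or as a reply to a tracked flow."""
    def __init__(self, open_ports):
        self.open_ports, self.flows = set(open_ports), set()

    def outbound(self, p):
        self.flows.add((p.dst, p.dport, p.src, p.sport))  # the reply we expect

    def inbound_permits(self, p):
        return p.dport in self.open_ports or (p.src, p.sport, p.dst, p.dport) in self.flows

WEB_IN = PermitFilter(ANY, PUBLIC_IP, dport=80)
ALL_OUT = [WEB_IN, PermitFilter(PUBLIC_IP, ANY)]                 # "allow all outbound"
SPECIFIC_OUT = [WEB_IN, PermitFilter(PUBLIC_IP, ANY, dport=53),  # only DNS and HTTPS out
                PermitFilter(PUBLIC_IP, ANY, dport=443)]
UNSOLICITED = Packet("198.51.100.7", 40000, PUBLIC_IP, 3389)     # constructed inbound packet
```

With `ALL_OUT`, the mirror of the outbound permit matches `UNSOLICITED`; with `SPECIFIC_OUT`, inbound traffic is permitted only to port 80 or from source ports 53 and 443.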
 
