Need help with IPSec

GJ

Hello,

On my Windows 2000 Web server, I've assigned an IPSec policy I created, and
have run into DNS issues. The filter is configured to block all but the
following ports:

20 (TCP)
21 (TCP)
25 (TCP and UDP)
53 (TCP and UDP)
80 (TCP)
443 (TCP)
3389 (TCP)

I can access the web and FTP site fine, and can connect with Terminal Svcs,
but the server cannot send mail with the SMTP service. An error is logged in
the event viewer about the server not being able to find the destination
domain, some kind of DNS error (don't have the exact error with me right
now, sorry). Also, I can't browse the web from the server either. I assume
this is a name resolution issue - do I need to open any other ports to
resolve this?

Thanks.
 
Steven L Umbach

If you want to web browse from the server, you need to make sure that
outbound port 80 TCP is allowed, and for Internet DNS name resolution port 53
UDP will need to be allowed for access to either your ISP DNS server or the
root DNS servers. Inbound ports to 53 would only be needed if you are
offering a DNS server on your web server to Internet users.

--- Steve
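
The difference between inbound and outbound port filters described in the reply above, as an added Python model that is not part of either post and is not Windows configuration. It assumes the posted filters open each port to the server, treats any matching permit filter as overriding the block-all rule, and uses constructed addresses and packets.

```python
from collections import namedtuple

ANY = None
SERVER = "192.0.2.10"       # constructed address for the web server
RESOLVER = "198.51.100.53"  # constructed address for the ISP DNS server

# Simplified model of an IPSec permit filter; "mirrored" also matches the
# same flow with source and destination swapped.
Filter = namedtuple("Filter", "src dst proto sport dport mirrored")
Packet = namedtuple("Packet", "src dst proto sport dport")

def _fields_match(f, p):
    return all(want is ANY or want == got for want, got in zip(f[:5], p))

def permitted(filters, p):
    """True if any permit filter matches; otherwise the block-all rule applies."""
    reverse = Packet(p.dst, p.src, p.proto, p.dport, p.sport)
    return any(_fields_match(f, p) or (f.mirrored and _fields_match(f, reverse))
               for f in filters)

def inbound(proto, port):
    return Filter(ANY, SERVER, proto, ANY, port, True)

# Assumed reading of the posted policy: each port is opened TO the server.
POSTED = [inbound("TCP", p) for p in (20, 21, 25, 53, 80, 443, 3389)]
POSTED += [inbound("UDP", p) for p in (25, 53)]

# Additions described in the reply: the server as a client of remote
# 53/UDP (limited here to the ISP resolver) and remote 80/TCP.
OUTBOUND = [
    Filter(SERVER, RESOLVER, "UDP", ANY, 53, True),
    Filter(SERVER, ANY, "TCP", ANY, 80, True),
]

# Constructed sample packets (ephemeral port numbers are arbitrary).
DNS_QUERY = Packet(SERVER, RESOLVER, "UDP", 1055, 53)
DNS_REPLY = Packet(RESOLVER, SERVER, "UDP", 53, 1055)
WEB_OUT = Packet(SERVER, "203.0.113.80", "TCP", 1060, 80)
WEB_IN = Packet("203.0.113.7", SERVER, "TCP", 40000, 80)

def report(filters):
    names = ("DNS_QUERY", "DNS_REPLY", "WEB_OUT", "WEB_IN")
    return {n: permitted(filters, globals()[n]) for n in names}

if __name__ == "__main__":
    print("posted:", report(POSTED))
    print("posted + outbound:", report(POSTED + OUTBOUND))
```
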
 
