Need IPSec Help

George J

Hello,

I've set up an IIS 5 webserver running http, ftp, and smtp. I've assigned an
IPSec policy to accept connections to the following ports: 20, 21, 25, 53
(tcp and udp), and 80. I can connect to the website fine, and ftp in also,
but the smtp server is not able to send email msgs. They hang in the queue
folder and eventually end up in the badmail folder. Also, I cannot ping or
connect to any outside hosts (using IE).

Does anyone have any recommendations as far as what other ports I would need
to open? I can live without IE being able to connect to any remote sites,
but I do need the smtp functionality.

BTW, I previously tried the same routine using TCP/IP Filtering, and got the
same results.

Any help would be appreciated.

Thanks.
 
Steven L Umbach

It sounds like your IPSec policy is blocking initiated outbound traffic to ports
80/443 [https] and 25 TCP and probably 53 UDP. I prefer a hardware firewall or
software firewall to IPSec in most situations, but when I do use it, I start out with a
block all IP rule and then create a rule for the allowed exceptions for inbound and
outbound, including ICMP if I want to use ping. The outbound mirrored rule would need
to be source address my address, destination address any [or specific server], source
port any, destination port 25, protocol 25 for SMTP for instance. The link below may
be of help. --- Steve

http://www.securityfocus.com/infocus/1559
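
Added example (not part of the thread): a simplified Python model of stateless mirrored filters over a default block-all rule, showing why inbound-only exceptions for ports 25 and 53 still drop the server's own outbound SMTP and DNS traffic until outbound exceptions are added. The addresses, ports and filter representation are constructed for illustration and are not real IPSec policy syntax.

```python
from collections import namedtuple

# Simplified model (assumption): permit filters are the specific exceptions,
# and any packet that matches none of them falls through to "block all".
Filter = namedtuple("Filter", "src sport dst dport proto mirrored")
Packet = namedtuple("Packet", "src sport dst dport proto")
SERVER_IP, REMOTE = "192.0.2.10", "198.51.100.7"  # constructed addresses

def _addr_ok(rule, addr):
    return rule == "any" or (rule == "me" and addr == SERVER_IP) or rule == addr

def _match_one(f, p):
    return (f.proto == p.proto and _addr_ok(f.src, p.src) and _addr_ok(f.dst, p.dst)
            and f.sport in ("any", p.sport) and f.dport in ("any", p.dport))

def matches(f, p):
    # A mirrored filter also matches the same flow with source/destination swapped.
    swapped = Filter(f.dst, f.dport, f.src, f.sport, f.proto, False)
    return _match_one(f, p) or (f.mirrored and _match_one(swapped, p))

def permitted(filters, p):
    # No permit filter matches -> the block-all rule applies.
    return any(matches(f, p) for f in filters)

# Inbound-only exceptions, as in the question (SMTP and DNS/UDP shown).
inbound_only = [Filter("any", "any", "me", 25, "tcp", True),
                Filter("any", "any", "me", 53, "udp", True)]
# Plus the outbound exceptions the reply describes: me:any -> any:25 and any:53.
with_outbound = inbound_only + [Filter("me", "any", "any", 25, "tcp", True),
                                Filter("me", "any", "any", 53, "udp", True)]

PACKETS = {  # constructed sample traffic
    "client_in": Packet(REMOTE, 4000, SERVER_IP, 25, "tcp"),  # mail delivered to us
    "smtp_out":  Packet(SERVER_IP, 3456, REMOTE, 25, "tcp"),  # queue sending mail
    "smtp_back": Packet(REMOTE, 25, SERVER_IP, 3456, "tcp"),  # remote server's reply
    "dns_out":   Packet(SERVER_IP, 3457, REMOTE, 53, "udp"),  # MX lookup
}

def report(filters):
    return {name: permitted(filters, p) for name, p in PACKETS.items()}

if __name__ == "__main__":
    print("inbound only :", report(inbound_only))
    print("with outbound:", report(with_outbound))
```

The mirror of an inbound filter only covers replies leaving from the server's port 25 or 53, so connections the server itself initiates from an ephemeral port never match it.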
 
