with Secure server Ipsec I cannot get onto the internet

david

Hello,

I have a T1 line that connects to my Linksys router, which
routes everyone onto the internet. When I enable Secure
Server IPsec I cannot get out to the internet. This is
the level of security I would like; is there anything I can
do to get out to the internet?

Any help will be appreciated, thank you very much.

David,
 
Steven L Umbach

That is because the Secure Server "require" IPsec policy requires that ALL IP
traffic be secured with IPsec, which would involve Kerberos authentication
for computers if in a forest, and thus communication is impossible
with computers outside of the forest, such as anything on the internet.

Be careful with a require policy: if you do not exempt domain controllers
via their IP addresses in the policy, you will have all kinds of problems
logging onto the domain and accessing resources. See the KB below for IPsec
within a domain and what is supported, as described in the second paragraph.

http://support.microsoft.com/?kbid=254949

To allow internet access, you will either need to use the Server "request"
IPsec policy or modify your require policy to exempt non-LAN traffic,
possibly only for specific LAN computers, while still protecting servers that
should not be accessing the internet. You could create a rule that requires
IPsec on only the LAN IP subnet and would exempt all traffic other than your
LAN. It is not possible to have IPsec-secured traffic to and from the
internet on a general basis. The link below explains how to set up IPsec
policies that differ from the defaults. --- Steve

http://www.securityfocus.com/infocus/1566
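
The three options discussed in the reply above, modelled as an added example that is not part of the original thread: it evaluates a "require all", a "request all" and a LAN-scoped require policy against sample peers so a planned rule set can be checked before it is assigned. The subnet 192.168.1.0/24, the peer addresses and the rule names are constructed, each stock policy is simplified to a single rule, and the longest-prefix match stands in for Windows ordering IPsec filters from most to least specific.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    dest: ipaddress.IPv4Network
    action: str  # "permit" = no IPsec, "request" = IPsec with clear fallback, "require" = IPsec or drop

def net(cidr):
    return ipaddress.ip_network(cidr)

# Constructed sample peers: (address, can the peer complete Kerberos-authenticated IKE?)
PEERS = {
    "lan_member": ("192.168.1.50", True),          # domain member on the LAN
    # Assumption: the DC is modelled as unable to negotiate, because the client
    # has to reach it for Kerberos before any IPsec authentication can succeed.
    "domain_controller": ("192.168.1.10", False),
    "internet_host": ("203.0.113.7", False),       # outside the forest
}

REQUIRE_ALL = [Rule("all IP traffic", net("0.0.0.0/0"), "require")]
REQUEST_ALL = [Rule("all IP traffic", net("0.0.0.0/0"), "request")]
SCOPED = [  # require IPsec on the LAN subnet only, with the DC exempted by address
    Rule("LAN subnet", net("192.168.1.0/24"), "require"),
    Rule("exempt DC", net("192.168.1.10/32"), "permit"),
]

def outcome(rules, dst, peer_can_negotiate):
    """Return 'ipsec', 'clear' or 'blocked' for traffic to dst under rules."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in rules if addr in r.dest]
    if not hits:
        return "clear"  # traffic matching no filter is not touched by IPsec
    rule = max(hits, key=lambda r: r.dest.prefixlen)  # most specific filter wins
    if rule.action == "permit":
        return "clear"
    if peer_can_negotiate:
        return "ipsec"
    return "clear" if rule.action == "request" else "blocked"

def evaluate(rules):
    """Map every sample peer to its outcome under the given rule list."""
    return {name: outcome(rules, ip, ok) for name, (ip, ok) in PEERS.items()}

if __name__ == "__main__":
    for label, policy in [("require all", REQUIRE_ALL),
                          ("request all", REQUEST_ALL),
                          ("scoped require", SCOPED)]:
        print(f"{label:15} {evaluate(policy)}")
```

A LAN host that cannot negotiate (a printer, for instance) is still blocked under the scoped policy, so such hosts need their own permit rule.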
 
