RE: [Firewalls] IPSec

From: Jayant Shukla (jshukla@trlokom.com)
Date: 12/30/02 

From: "Jayant Shukla" <jshukla@trlokom.com>
Date: Mon, 30 Dec 2002 13:33:13 -0800

> -----Original Message-----
> From: firewalls-admin@section5.cyberbase7.com [mailto:firewalls-
> admin@section5.cyberbase7.com] On Behalf Of Fritz deVries
> Sent: Monday, December 30, 2002 12:47 PM
> To: firewalls@section5.cyberbase7.com
> Subject: [Firewalls] IPSec
>
> Hi,
>
> iŽd like to set up IPSec on my windoze boxes so that they do proper
> identification before sending any packet to the internal LAN. On the
other
> hand working with my xDSL connection should be possible for every
machine
> in
> the LAN.
>
> Is it possible to configure a router machine (W2K) this way that it
does
> proper IPSec handshaking inside and does not outside the LAN? And
further
> -

You should be able to do this. Because you require secure communication
over LAN, you run into nested/cascaded tunnel issue with your remote
access VPN. Not a limiting factor, but it makes SPD definition a bit
complex.

> is it possible that you can decide on which ports inbound there shall
be
> IPSec and on which not?
>

This one is tricky. I do not know if VPN products will let you do this.
My guess is not because policies is based on IP address and not ports.

However if you are trying to deploy a web server, you can achieve this
by enabling unencrypted incoming WAN traffic, but limiting it to port 80
only.

If you wish, please try out the free version of our VPN, called OmniVPN,
from Tucows. Looks like you are trying to secure your WLAN while
allowing incoming connections to your server.

http://www.tucows.com/preview/295100.html

Hope that helps,
Regards,
Jay
www.trlokom.com

Relevant Pages

  • Re: How do I use IPSEC to create a basic firewall.
    ... Ipsec is best used to manage/protect traffic for the lan. ... > secure domain controllers by IPSEC, thus providing a basic firewall ... > response ports opened by connections going to the WAN. ...
    (microsoft.public.win2000.security)
  • IPSec
    ... identification before sending any packet to the internal LAN. ... Is it possible to configure a router machine this way that it does ... proper IPSec handshaking inside and does not outside the LAN? ...
    (comp.security.firewalls)
  • Re: assigning ip addresses on a secure way
    ... > superscope scenario to configure the DHCP to assign 10.3.ip s just to the ... >> allows you to filter mac addresses in a learn mode that can lock ports to ... >> configurations and can allow all computers internet access while not ... >> Within a domain ipsec by default will use kerberos authentication and any ...
    (microsoft.public.security)
  • Re: I am sick of windows firewall
    ... the XP FW if you need to stop outbound packets. ... I have made my adjustments to IPsec to supplement BlackIce ... the Windows networking ports even though BI was stopping ...
    (comp.security.firewalls)
  • Re: Windows 2003 Server RRAS and IPSEC
    ... You can check out the following link for info regarding the ports to be ... parallel firewalls or utilize filters like IPSEC to protect our servers (we ... 443, our campus DNS servers, and campus time servers. ... our campus dialup service then dialed the vpn connection to the new RRAS ...
    (microsoft.public.win2000.ras_routing)