Re: IPsecpol and DNS lookup question

From: Steve Riley \(MSFT\) (steriley@microsoft.com)
Date: 12/18/02

Next message: Sun: "What is happening to my email??"
Previous message: Steve Riley \(MSFT\): "Re: Cached login credentials and password expiration"
In reply to: Jane Tunnicliff: "IPsecpol and DNS lookup question"
Next in thread: Karl Levinson [x y] mvp: "Re: IPsecpol and DNS lookup question"
Reply: Karl Levinson [x y] mvp: "Re: IPsecpol and DNS lookup question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Steve Riley \(MSFT\)" <steriley@microsoft.com>
Date: Tue, 17 Dec 2002 22:13:29 -0800

I presume you mean DNS *name* when you say "DNS address."

Remember that the computer will have to perform a DNS lookup if you use DNS
names in IPSec filter lists. Make sure that your policy is allowing access
to your DNS servers so that name resolution can occur.

--
--------------------------------
Steve Riley
MCS Security Consulting Practice
steriley@microsoft.com
--------------------------------
"Jane Tunnicliff" <jtunn@uwpn.org> wrote in message
news:e06gzCgpCHA.2444@TK2MSFTNGP10...
> I have been using the Win 2 K command line IPSec tool, IPsecpol.exe.   I
> have a filter that is configured to allow traffic to and from a particular
> DNS address.  I can ping the DNS address successfully (it is a group of
> multiple time servers).  If I set the filter to allow traffic to and from
> the DNS address it fails.
> If I set the filter to allow traffic to and from a specific IP address
> (within that DNS group), then the filter works just fine.
>
> We are not running Active Directory DNS within our domain.  Does anyone
know
> if IPSecpol filters, in static mode, can be configured to use a DNS
address
> instead of an IP address?
>
> Thanks for any information.
>
>

Next message: Sun: "What is happening to my email??"
Previous message: Steve Riley \(MSFT\): "Re: Cached login credentials and password expiration"
In reply to: Jane Tunnicliff: "IPsecpol and DNS lookup question"
Next in thread: Karl Levinson [x y] mvp: "Re: IPsecpol and DNS lookup question"
Reply: Karl Levinson [x y] mvp: "Re: IPsecpol and DNS lookup question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Spam solutions - written smtp sink or spam software?
... that his client has a messed up DNS record and that's why you rejected it. ... I think you will find that the quality anti spam solutions out there work ... MVP - Exchange ... >I am looking for a spam filter. ...
(microsoft.public.exchange.admin)
Update
... I rebooted my ISA server and DNS lookups started to pass via ISA even ... > Do I need to have enabled the DNS filter that comes with default ISA ...
(microsoft.public.isa)
Re: IPsecpol and DNS lookup question
... To clarify - I already have an IPSec filter that allows traffic to and from ... DNS resolution is working fine. ... I am attempting to add another filter. ... NTP servers) instead of directing the filter to a single NTP server IP ...
(microsoft.public.security)
Re: Help With DNS Through VPN
... the pre-defined DNS lookup filter is used to allow DNS queries FROM ... You need to allow DNS queries TO ISA - not the ... your DNS server on the ISA2000 machine, see this excellent article by Tom ...
(microsoft.public.isa)
Re: SMTP Woes
... You might want to look at the Exchange Intelligent Message Filter first, ... One often neglected area is to take a look at who is hitting your DNS ... send 10's or 100's of requests a day to your DNS server? ... to anyone except your ISP). ...
(microsoft.public.exchange.admin)