Using IPSec Filter to block Internet Access does not work from GPO (but works fine as part of local security policy)

From: Shant Hotoyan (shotoyan_at_scelectric.ca)
Date: 06/27/03

• Next message: Torrey: "Re: My own personal story of "the weakest link""
• Previous message: Kent W. England [MVP]: "Re: Local Security Policy in Windows XP Home"
• Next in thread: Louise Bowman [MSFT]: "Re: Using IPSec Filter to block Internet Access does not work from GPO (but works fine as part of local security policy)"
• Reply: Louise Bowman [MSFT]: "Re: Using IPSec Filter to block Internet Access does not work from GPO (but works fine as part of local security policy)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 27 Jun 2003 12:48:30 -0400

I'm trying to setup an IPSec Filter policy to block assigned systems from
accessing the Internet. I've managed to create the filter lists and policy
successfully (created a policy with 2 filters, one blocks all traffic
to/from all addresses, and the other allows all traffic to/from all
addresses in our local subnet).

If I create the filters and policy locally on a system, everything works
fine and the system cannot access the Internet but can access the local LAN.
However if I create the exact same filter lists and policy onto the domain
and apply it through group policy, it doesn't work. GPResult shows that the
policy was applied to the system, and IPSecMon shows that IPSec is enabled
on the system, but the filter lists simply do not work.

Any ideas?

Thank you,
Shant Hotoyan, MCSE, CCNP
Network Administrator
S&C Electric Canada Ltd.

• Next message: Torrey: "Re: My own personal story of "the weakest link""
• Previous message: Kent W. England [MVP]: "Re: Local Security Policy in Windows XP Home"
• Next in thread: Louise Bowman [MSFT]: "Re: Using IPSec Filter to block Internet Access does not work from GPO (but works fine as part of local security policy)"
• Reply: Louise Bowman [MSFT]: "Re: Using IPSec Filter to block Internet Access does not work from GPO (but works fine as part of local security policy)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Using IPSec Filter to block Internet Access does not work from GPO (but works fine as part of local ... I'm trying to setup an IPSec Filter policy to block assigned systems from ... fine and the system cannot access the Internet but can access the local LAN. ... However if I create the exact same filter lists and policy onto the domain ... (microsoft.public.win2000.security) Re: Using IPSec Filter to block Internet Access does not work from GPO (but works fine as part of lo ... It receives the policy from the domain, ... > retrieval happens when the system starts or at the defined IPSec policy ... >> addresses in our local subnet). ... >> However if I create the exact same filter lists and policy onto the ... (microsoft.public.security) Re: Using IPSec Filter to block Internet Access does not work from GPO (but works fine as part of lo ... It receives the policy from the domain, ... > retrieval happens when the system starts or at the defined IPSec policy ... >> addresses in our local subnet). ... >> However if I create the exact same filter lists and policy onto the ... (microsoft.public.win2000.security) Re: Using IPSec Filter to block Internet Access does not work from GPO (but works fine as part of lo ... Do the DC's have the same IPSec Policy that you are trying to apply to the ... "Shant Hotoyan" wrote in message ... I've managed to create the filter lists and>> policy ... (microsoft.public.security) Re: Using IPSec Filter to block Internet Access does not work from GPO (but works fine as part of lo ... Do the DC's have the same IPSec Policy that you are trying to apply to the ... "Shant Hotoyan" wrote in message ... I've managed to create the filter lists and>> policy ... (microsoft.public.win2000.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint