Re: automated IPSEC policy creation and SMB traffic
From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 10/27/05
Date: Thu, 27 Oct 2005 09:52:48 -0700
Let us be clear here.
Setting it up with cmdline tools (defining and assigning) the IPsec
policy must be sensitive to the OS version as the tools differ.
Setting it up as in a network connection setup (binding) then uses
the rules of the effective IPsec policies on the machines.
If you want a tunnel then you are talking about using VPN.
--
Roger Abell
Microsoft MVP (Windows Server : Security)
MCDBA, MCSE W2k3+W2k+Nt4
"UWide User" <iseek2no@nospam.postalias> wrote in message
news:A059A536-9E9A-4935-AFFA-F0D03CE94FC3@microsoft.com...
> I will be using Windows 2003 to initiate the connection to both
> Win2000/2003 servers. Also, there will be no VPN just IPSEC. Unless it is
> possible to set that up with the same command. I was thinking maybe an
> IPSEC tunnel between two servers and traffic flows over that tunnel;
> similar to SSH. Is this possible? How and what port(s) do I open in the
> firewall?
> -----------
> Anyone who knows everything, leads a pretty boring life
>
> "Roger Abell [MVP]" wrote:
>
>> What OS versions are involved?
>> There are commandline tools for defining an IPsec filter (use the IPsec
>> context of netsh in W2k3, for W2k you need the ipsecpol download, if XP
>> is involved see the ipseccmd utility in XP)
>> What you need to do at the firewall depends on what you are doing. If
>> you are using IPsec for L2TP VPN with the VPN servers inside then it is
>> just VPN traffic you need to let through, while if it is just IPsec
>> protected packets, then the packets are whatever they are (i.e. from/to
>> ports) but the payload of the packet is protected to the extent IPsec
>> is used.
>>
>> --
>> Roger Abell
>> Microsoft MVP (Windows Server : Security)
>> MCDBA, MCSE W2k3+W2k+Nt4
>> "UWide User" <iseek2no@nospam.postalias> wrote in message
>> news:096FA4E1-C0DA-4FCF-AEDD-4ED081AFA03E@microsoft.com...
>> > Hello, can anyone point me in the right direction as to how to create
>> > an IPSEC policy using vbscript/batch file. I would like to automate
>> > this procedure for several remote sites. The remote sites have servers
>> > that will need to have data synced via robocopy with a central backup
>> > server at our home site. Since robocopy uses SMB, I figured IPSEC
>> > would be the best (and only native) solution for securing the
>> > transfer. Am I wrong? Is there a better option? I do not want to have
>> > to use rsync on Windows.
>> > Also, in doing this what ports need to be opened in our local and
>> > remote firewalls? Do I just get IPSEC working then use whatever app I
>> > want or will I need to open SMB/Netbios ports (please say no)?
>> > Thanks in advance!
>> >
>> > -----------
>> > Anyone who knows everything, leads a pretty boring life
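
Added example, not part of the original thread or of any poster's reply: a batch file that uses the netsh ipsec context mentioned above for W2k3 to define and assign a transport-mode policy requiring ESP for SMB (TCP 445) to one peer. The policy, filter list, filter action and rule names, the 192.0.2.10 address, the 3DES/SHA1 method and the use of Kerberos authentication (which assumes both servers are members of the same Active Directory forest) are assumptions; a W2k or XP peer needs a matching policy built with ipsecpol or ipseccmd instead.

```batch
@echo off
rem Added example (assumed names and address, not from the thread).
rem Run on the Windows Server 2003 machine that initiates the SMB connection.
rem Usage: make-smb-ipsec.cmd [peer-ip]
setlocal
set PEER=192.0.2.10
if not "%~1"=="" set PEER=%~1
set POLICY=SMB-Backup-IPsec
set FLIST=SMB-to-peer
set FACTION=Require-ESP

rem 1. Empty policy container (not yet assigned).
netsh ipsec static add policy name="%POLICY%" description="Require ESP for SMB to %PEER%" || goto fail

rem 2. Filter list matching this host <-> peer on TCP 445, both directions.
netsh ipsec static add filterlist name="%FLIST%" || goto fail
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=Me dstaddr=%PEER% protocol=TCP srcport=0 dstport=445 mirrored=yes description="SMB over TCP 445" || goto fail

rem 3. Filter action: negotiate security, no fallback to clear text
rem    (soft=no) and no unsecured inbound pass-through (inpass=no).
netsh ipsec static add filteraction name="%FACTION%" action=negotiate soft=no inpass=no qmpfs=no qmsecmethods="ESP[3DES,SHA1]" || goto fail

rem 4. Rule tying filter list and action together; Kerberos is an assumption.
netsh ipsec static add rule name="SMB-to-peer-rule" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%" kerberos=yes || goto fail

rem 5. Assign the policy so it becomes the effective local policy.
netsh ipsec static set policy name="%POLICY%" assign=yes || goto fail

rem Show what was stored for review.
netsh ipsec static show policy name="%POLICY%" level=verbose
echo Policy "%POLICY%" assigned for peer %PEER%.
endlocal
exit /b 0

:fail
echo netsh reported an error; the policy was not fully created or assigned. 1>&2
endlocal
exit /b 1
```

With ESP negotiated this way, a firewall between the two hosts sees IKE (UDP 500) and ESP (IP protocol 50), plus UDP 4500 when NAT traversal is in use, rather than TCP 445.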