Re: IPsec Policy to allow web browsing

From: karl [x y] (jamescagney90210@excite.com)
Date: 10/12/02


From: "karl [x y]" <jamescagney90210@excite.com>
Date: Sat, 12 Oct 2002 09:23:12 -0400


I think you really need logging, something IPsec under Win2000 doesn't do at
all.

I recommend using a third-party firewall software such as www.sygate.com
instead. Or if you really want to use IPsec, you could run Sygate for a
short time to determine what ports are being used, then remove it and use
the information in the Sygate logs to build IPsec filters. Or if you don't
like that, use Network Monitor, which comes with Windows 2000 [under Start,
Settings, Control Panel, Add/Remove Programs, Add/Remove Windows Components],
or any free third-party sniffer software such as www.ethereal.com or WinDump
at http://windump.polito.it to get the same traffic logging.

"Tony" <tandcwong@attbi.com> wrote in message
news:c94d262c.0210111131.1f57a1e@posting.google.com...
> I am trying to lock down my server with IPsec policy.
>
> I have restricted machines from a subnet to allow mapped drives to
> this machine. This seems to work by opening up ports 135 and 445,
>
> but I would also like to allow this machine to map to other drives on
> the network, but it is not allowing me to.
>
> I have a deny rule to deny all. Then I allow what I want in or out.
>
> Please help
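
The capture-then-build-filters approach suggested in the reply above, as an added example that is not part of the original thread: it reads a text capture saved from `windump -n` (tcpdump text layout, old or new TCP flag style) and counts new flows by direction, protocol and destination port, so inbound and outbound rules can be written separately. The addresses, the sample lines and the `summarize` helper are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in `windump -n` text layout (not taken from the thread).
SAMPLE_CAPTURE = """\
09:23:12.100001 IP 10.0.0.5.1045 > 10.0.0.20.445: S 100:100(0) win 16384 <mss 1460>
09:23:12.100350 IP 10.0.0.20.445 > 10.0.0.5.1045: S 900:900(0) ack 101 win 17520 <mss 1460>
09:23:12.100400 IP 10.0.0.5.1045 > 10.0.0.20.445: . ack 901 win 17520
09:23:15.200000 IP 10.0.0.31.3321 > 10.0.0.5.445: S 5:5(0) win 16384 <mss 1460>
09:23:15.900000 IP 10.0.0.32.3400 > 10.0.0.5.135: S 7:7(0) win 16384 <mss 1460>
09:23:16.000000 IP 10.0.0.5.1046 > 10.0.0.20.139: S 200:200(0) win 16384 <mss 1460>
09:23:17.000000 IP 10.0.0.5.137 > 10.0.0.255.137: UDP, length 50
09:23:18.000000 IP 10.0.0.5.1047 > 10.0.0.20.445: S 300:300(0) win 16384 <mss 1460>
"""

LINE = re.compile(
    r"^\S+ (?:IP )?(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
# A SYN in either the older ("S 100:100(0)") or newer ("Flags [S],") layout.
SYN = re.compile(r"^(?:Flags \[S\],|S \d)")

def summarize(capture, local_ip):
    """Count flows per (direction, protocol, destination port) for local_ip."""
    flows = Counter()
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        rest = m["rest"]
        if SYN.match(rest) and " ack " not in rest:
            proto = "tcp"  # bare SYN only: the sender is the initiator
        elif rest.lower().startswith("udp"):
            proto = "udp"  # counted per datagram; replies show up as well
        else:
            continue       # SYN-ACKs, ACKs, data and non-TCP/UDP lines
        if m["src"] == local_ip:
            direction = "out"
        elif m["dst"] == local_ip:
            direction = "in"
        else:
            continue
        flows[(direction, proto, int(m["dport"]))] += 1
    return flows

if __name__ == "__main__":
    for (direction, proto, port), n in sorted(summarize(SAMPLE_CAPTURE, "10.0.0.5").items()):
        print(f"{direction:3} {proto} dst-port {port:<5} seen {n}x")
```

In the constructed sample the server accepts connections on 135 and 445 but also initiates its own to 445 and 139, which is the outbound side a deny-all policy has to permit before the server can map remote drives.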


