Re: IPsec and Win2K
From: Daniel Angelucci (angelucc@nospam.duke.edu)
Date: 10/21/02
Date: Mon, 21 Oct 2002 15:34:15 -0400 From: Daniel Angelucci <angelucc@nospam.duke.edu>
You need to create a policy under secpol.msc, IP Security
policies. It should have the default response rule, and use Kerberos.
After the default response rule, you should see a tabbed dialog with the
IP Filter list. Add a filter, give it a name and description, then
unclick the "use add wizard" box and click Add.
Source address is my address. Destination address, select "A specific
IP subnet" and put the appropriate address and mask in. Make sure the
mirrored box is checked. On the protocol tab, click Any and describe the
filter appropriately. Click OK. Once back at the New Rule tabbed
display, click on filter action. Select Permit. Then click OK.
Now you should be back at the New IP Security Policy display. Click Add.
Select the All IP traffic filter. For filter action select Block.
Click OK. Click OK. Right click on your new policy and assign.
IPSec always uses the least restrictive filter that matches the traffic,
so even though you are telling it to block all IP traffic, once it
matches the rule for your subnet, the traffic should be allowed.
Let me know if you have problems.
BTW, Macs rule!
Dan
Ken wrote:
> Hello all,
>
> I am running a Windows 2000 advanced server box for file sharing between PC
> and Macintosh, and for a print server.
> I want to secure it so it only talks to my local network (192.168.0.0). I do
> not need it to talk to the outside world. I am setup on a NAT router. Was
> looking at the IPsec feature but I am not sure it will do what I need. Am I
> looking in the right direction.
>
> thank you
>
> Ken
>
>
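The two-rule policy described in the reply above, modelled as an added example (not part of the original message, and not Windows code) so the resulting decisions can be checked for sample packets. Assumptions: the server address 192.168.0.10, a 255.255.255.0 mask for Ken's 192.168.0.0 network, "All IP Traffic" meaning my address to any address, and the most specific matching filter deciding the action.

```python
import ipaddress
from dataclasses import dataclass

ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Filter:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    action: str              # "permit" or "block"
    mirrored: bool = True    # also match the reverse direction

    def matches(self, src, dst):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        forward = s in self.src and d in self.dst
        reverse = self.mirrored and s in self.dst and d in self.src
        return forward or reverse

    def specificity(self):
        # Longer combined prefix = narrower filter.
        return self.src.prefixlen + self.dst.prefixlen

def build_policy(server_ip, subnet):
    """Filters from the message: block all IP traffic, permit the local subnet."""
    me = ipaddress.ip_network(f"{server_ip}/32")
    return [
        Filter(me, ANY, "block"),                           # All IP Traffic -> Block
        Filter(me, ipaddress.ip_network(subnet), "permit"), # my address <-> subnet -> Permit
    ]

def decide(policy, src, dst):
    """Return the action of the most specific matching filter (model assumption)."""
    hits = [f for f in policy if f.matches(src, dst)]
    if not hits:
        return "no-filter"
    return max(hits, key=Filter.specificity).action

if __name__ == "__main__":
    # Constructed sample packets; addresses are illustrative only.
    policy = build_policy("192.168.0.10", "192.168.0.0/24")
    samples = [
        ("192.168.0.25", "192.168.0.10"),  # LAN client to server
        ("192.168.0.10", "192.168.0.25"),  # server reply to LAN client
        ("203.0.113.7", "192.168.0.10"),   # outside host to server
        ("192.168.0.10", "203.0.113.7"),   # server to outside host
    ]
    for src, dst in samples:
        print(f"{src:>14} -> {dst:<14} {decide(policy, src, dst)}")
```

Listing the filters in the opposite order gives the same decisions, because the model selects by specificity rather than by position in the list.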