Re: IPSEC on two different NIC's

From: johnnny_b_good (johnbgood@happy.org)
Date: 11/05/02


From: "johnnny_b_good" <johnbgood@happy.org>
Date: Mon, 4 Nov 2002 16:21:08 -0800


Ian,

Thank you so much for your help. I will try this and let
you know how it works out. Thanks again.

Johnny

>-----Original Message-----
>You can't specify the NIC exactly - you have to configure the IPSec
>filtering policies so that it only operates on one NIC and not the other.
>E.g.
>NIC1 = 135.41.5.1 on network 135.41.5.0/24 (internet)
>NIC2 = 10.1.1.1 on network 10.1.0.0/16 (intranet)
>IPSec rules will allow only inbound HTTP on NIC1 but will allow all 10.1.x.x
>traffic on the other NIC.
>AnyIPAddress - to subnet - 135.41.5.0/255.255.255.0 - dest port 80 - permit,
>mirrored
>AnyIPAddress - to subnet - 135.41.5.0/255.255.255.0 - any port/protocol -
>block, mirrored
>subnet 10.1.0.0/255.255.0.0 - to subnet 10.1.0.0/255.255.0.0 - any
>port/protocol - permit, mirrored
>
>IPSec evaluates rules from most to least specific so the port 80 permit rule
>will fire before the any port block rule.
>
>--
>Ian Hellen
>Principal Consultant, BCC Security Solutions
>
>This posting is provided "AS IS" with no warranties, and confers no rights.
>Use of included script samples are subject to the terms specified at
>http://www.microsoft.com/info/cpyright.htm.
>Please do not send email directly to this email address, This address is for
>newsgroup purposes only.
>
>
>"johnny_b_good" <johnbgood@happy.org> wrote in message
>news:bf4001c28439$abda2dc0$3bef2ecf@TKMSFTNGXA10...
>> Hi all,
>>
>> Quick question: Can I set up a W2K Server to have IPSEC
>> enabled on one physical NIC, but without IPSEC enabled on
>> the second physical NIC? So that I might have one NIC
>> pointing inside to our LAN with IPSEC and one NIC pointing
>> outside at the Internet with no IPSEC / plain old TCP/IP?
>> If yes, please advise how or point me to the appropriate
>> resource.
>>
>> Thanks in advance,
>>
>> Johnny
>
>
>.
>
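
The rule ordering described in the quoted reply, as an added Python model that is not code from this thread or from Microsoft: it sorts the three filters from most to least specific and reports which one decides a packet. The `Filter` class, the simplified specificity ranking (mask length, then protocol, then port) and the sample packets are assumptions constructed for illustration; the addresses and rules are the ones from the post.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = ip_network("0.0.0.0/0")
INTERNET = ip_network("135.41.5.0/24")   # NIC1 subnet from the post
INTRANET = ip_network("10.1.0.0/16")     # NIC2 subnet from the post

@dataclass(frozen=True)
class Filter:                            # hypothetical model, not a Windows API
    name: str
    src: object
    dst: object
    proto: Optional[str]                 # None means any protocol
    dport: Optional[int]                 # None means any port
    action: str
    mirrored: bool = True

    def specificity(self):
        # Assumed ranking: longer address masks first, then protocol, then port.
        return (self.src.prefixlen + self.dst.prefixlen,
                self.proto is not None, self.dport is not None)

    def matches(self, src, dst, proto, sport, dport):
        fwd = (src in self.src and dst in self.dst
               and self.proto in (None, proto) and self.dport in (None, dport))
        # A mirrored filter also matches with addresses and ports swapped.
        rev = (self.mirrored and dst in self.src and src in self.dst
               and self.proto in (None, proto) and self.dport in (None, sport))
        return fwd or rev

# Deliberately listed with the block rule first: list order does not matter.
POLICY = [
    Filter("block-internet", ANY, INTERNET, None, None, "block"),
    Filter("permit-http", ANY, INTERNET, "tcp", 80, "permit"),
    Filter("permit-intranet", INTRANET, INTRANET, None, None, "permit"),
]

def evaluate(policy, src, dst, proto, sport, dport):
    s, d = ip_address(src), ip_address(dst)
    for f in sorted(policy, key=Filter.specificity, reverse=True):
        if f.matches(s, d, proto, sport, dport):
            return f.name, f.action
    # No filter matched: this policy makes no decision for the packet.
    return None, "no-match"

if __name__ == "__main__":
    # Constructed sample packet: 10.2.x.x source reaching NIC2 hits no filter.
    print(evaluate(POLICY, "10.2.0.9", "10.1.1.1", "tcp", 50000, 445))
```

The last sample shows a packet from outside 10.1.0.0/16 arriving at the intranet address: none of the three filters covers it, so the policy as posted neither permits nor blocks it.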


