Re: IPSEC Policy to secure TS

From: "Steven L Umbach" <n9rou@attbi.com>
Date: Wed, 19 Feb 2003 18:33:05 GMT


Hi Chris. Sounds like you would need to use a pre-shared key in your
situation if you decide to use it. Ipsec will also require additional
firewall rules other than 3389 of course. KB24062 gives information about
setting up a pre-shared key for L2TP/IPSEC. Not all the article pertains to
your situation, but the part about configuring the shared key does. Good
luck. -- Steve

http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp
http://support.microsoft.com/?kbid=240262

"Chris" <firenet@optonline.net> wrote in message
news:04ad01c2d83c$16ab5600$2f01280a@phx.gbl...
> Thanks for responding!
>
> The computers are not in the same network. This is for
> computers accessing the TS from across the internet.
>
> Chris
>
> >-----Original Message-----
> >Oops wrong KB. --- Steve
> >
> >http://support.microsoft.com/default.aspx?scid=kb;EN-US;254949
> >
> >"Steven L Umbach" <n9rou@attbi.com> wrote in message
> >news:Y_N4a.165146$iG3.19368@sccrnsc02...
> >> Hi Chris. Are the computers in the same forest?? If not Kerberos
> >> authentication will not work. If you are using a secure server required
> >> policy, try server request policy to see if that will at least work and
> >> troubleshoot from there using ipsecmon, ping, etc. Try connecting to the
> >> Terminal Server by tcp/ip address instead of name if you have not tried
> >> that yet. You may need to add a rule to your policy to exempt ipsec traffic
> >> to/from a domain controller per KB254728. --- Steve
> >>
> >> http://support.microsoft.com/?kbid=254728
> >>
> >> "Chris" <firenet@optonline.net> wrote in message
> >> news:093d01c2d7cc$2b976ec0$3301280a@phx.gbl...
> >> > Hello,
> >> > I created an IPSEC filter list to match Terminal Service
> >> > packet, created an IPSec Policy to enforce protection and
> >> > then I enabled the policy. I did all according to the MS
> >> > article 315055. But, now my Windows XP RDP client can no
> >> > longer connect to the Terminal Server on Port 3389. Does
> >> > anyone know what the problem could be? Many Thanks,
> >> >
> >> > Chris