Re: Setup firewall using W2K IPSec MMC snap-in?

From: Steven L Umbach (n9rou@attbi.com)
Date: 03/25/03

If implemented correctly, what you are attempting should work. Try
just enabling the permit rule to see if the results are as expected. Make sure
the permit policy actually is using the permit action. Use the ipsecmon utility
to see what is going on. If you are trying internet access, did you remember
to add mirrored filters to allow outbound port 53 udp/tcp for dns? ---
Steve

"HuntBchGuy" <huntbchguy@hotmail.com> wrote in message
news:xE0ga.15289$hz3.882@fe06.atl2.webusenet.com...
> Hello,
>
> I've installed the IPSec MMC snap-in and am trying to get a firewall going.
>
> I've defined a firewall security policy with a few security rules and
> assigned it.
>
> For my local LAN I allow all ICMP traffic but have one Block rule and one
> Permit rule for IP traffic.
>
> My block rule blocks all TCP traffic and my permit rule permits traffic only
> on the ports I've specified in a filter list.
>
> Will this work?
> Am I correct to assume that blocking all ports in one rule and permitting
> ports in another rule will allow access to permitted ports?
>
> The problem I'm seeing is that if I disable my block and permit rules, all
> ports are permitted (i.e. accessible).
> If I just enable my block rule, all ports are blocked.
> If I enable my permit rule and my block rule, all ports are blocked.
>
> Any ideas on what I'm doing wrong?
>
> Thanks,
>
> -Randy
>
>
> --
> "Trying is just the first step to failure."

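Added example, not code from this thread: a small Python model of how Windows IPsec filters are evaluated against a packet, showing why Randy's block-all-TCP rule and a more specific permit rule can coexist, and why Steve's mirrored port 53 filters are needed once outbound TCP is covered by the block filter. It assumes the "most specific filter wins" precedence that Windows IPsec applies (field count as the specificity measure and block winning a tie are simplifications of the real weighting), and that traffic matching no filter is left alone.

```python
from dataclasses import dataclass
from typing import Optional, List

ANY = None  # wildcard for protocol or port

@dataclass(frozen=True)
class Packet:
    proto: str               # "TCP", "UDP" or "ICMP"
    direction: str           # "in" (remote -> this host) or "out" (this host -> remote)
    local_port: Optional[int]
    remote_port: Optional[int]

@dataclass(frozen=True)
class Filter:
    name: str
    proto: Optional[str]
    direction: str           # direction the filter is written for
    local_port: Optional[int]
    remote_port: Optional[int]
    action: str              # "permit" or "block"
    mirrored: bool = True    # a mirrored filter also matches the reverse direction

    def matches(self, pkt: Packet) -> bool:
        if pkt.direction != self.direction and not self.mirrored:
            return False
        # Mirroring swaps source and destination, so the local/remote port
        # constraints are the same in both directions.
        return all(want is ANY or want == got for want, got in
                   ((self.proto, pkt.proto), (self.local_port, pkt.local_port),
                    (self.remote_port, pkt.remote_port)))

    def specificity(self) -> int:
        # Simplified weight: number of fields that are not wildcards (assumption).
        return sum(f is not ANY for f in (self.proto, self.local_port, self.remote_port))

def decide(filters: List[Filter], pkt: Packet) -> str:
    hits = [f for f in filters if f.matches(pkt)]
    if not hits:
        return "permit"      # traffic matching no filter is not touched by IPsec
    # Most specific filter wins; on a tie, block wins (assumption for this model).
    best = max(hits, key=lambda f: (f.specificity(), f.action == "block"))
    return best.action

# Constructed policy: Randy's block/permit rules plus Steve's mirrored DNS filters.
POLICY = [
    Filter("block all TCP", "TCP", "in", ANY, ANY, "block"),
    Filter("permit web", "TCP", "in", 80, ANY, "permit"),
    Filter("permit ICMP", "ICMP", "in", ANY, ANY, "permit"),
    Filter("permit DNS udp", "UDP", "out", ANY, 53, "permit"),
    Filter("permit DNS tcp", "TCP", "out", ANY, 53, "permit"),
]
```

Running `decide(POLICY[:3], Packet("TCP", "out", 51000, 53))` shows the failure Steve warns about: without the port 53 filters, the mirrored block-all-TCP filter also stops the host's own DNS lookups over TCP.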