Re: IPSEC problem

From: Vic (kohvic_at_yahoo.com)
Date: 07/01/03


Date: Tue, 1 Jul 2003 02:46:36 -0700


Louise Bowman,
Sorry for the late reply, been on holiday. Thanks for your
advice. I have finally got it to work with the clue from
you. Found that I need to create the following rules:
1) anyip to myip, anysourceport to 25
2) myip to anyip, 25 to anysourceport
3) anyip to myip, 25 to anysourceport
4) myip to anyip, anysourceport to 25

Thanks for your help :)
Vic
>-----Original Message-----
>Vic,
>
>There is no significance with mirrored or un-mirrored weighting.
>However a closer look at your 2 rule shows that you should possibly have
>from port 25 to any as opposed to any to 25.
>
>That is:
>Allow My Server to access IP xxx.xxx.xxx.xxx from port 25 to any port.
>Permit. Mirroring not checked.
>
>This is most likely the issue.
>
>
>Louise Bowman (MSFT)
>IPSec STE
>
>--
>This posting is provided "AS IS" with no warranties, and confers no rights.
>"Vic" <kohenghuat@techsemicon.com.sg> wrote in message
>news:035f01c33937$9dffaff0$a501280a@phx.gbl...
>> I have a stand alone server. I use IPSEC on this server to
>> filter the packet. I have the following rules:
>> 1) Allow IP xxx.xxx.xxx.xxx to access My Server from any
>> port to port 25. Permit. Mirroring not checked.
>> 2) Allow My Server to access IP xxx.xxx.xxx.xxx from any
>> port to port 25. Permit. Mirroring not checked.
>> 3) Allow My Server to IP yyy.yyy.yyy.yyy from any port to
>> port 80. Mirroring checked
>> 4) Block all ICMP traffic
>> 5) Block all Inbound traffic from ANY IP to MY Server.
>>
>> With the "Block all inbound traffic" activated, I
>> encountered all inbound to port 25 was blocked too. Rules
>> 2 and 3 were okay.
>>
>> By permitting "all inbound traffic" then rule 1 works. I
>> thought that IPSEC analyses the rules by taking the more
>> specific rule, but my case did not seem to be so. Where
>> did I go wrong?
>>
>> Thanks for any help rendered.
>>
>> Regards
>> Vic
>>


