Re: How do I use IPSEC to create a basic firewall.

From: Steven Umbach (n9zrou_at_nscomcast.com)
Date: 10/18/03


Date: Sat, 18 Oct 2003 18:56:01 GMT

IPsec is best used to manage/protect traffic for the LAN. A firewall at the
perimeter should be the first line of defense. Having said that, to answer your
question, you need to create a block all rule that is mirrored. Then you create a
mirrored rule for the LAN based on IP subnet and use permit for the action. For
other specific ports, rules need to be created, such as UDP port 53 for DNS
resolution to the internet. --- Steve

http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp
http://www.securityfocus.com/infocus/1559
http://support.microsoft.com/default.aspx?scid=kb;en-us;313190
http://support.microsoft.com/default.aspx?scid=kb;en-us;811832

"Bloke at the pennine puddle (Replace n.a.v.d with vodafone.net.)"
<news006ddes@n.a.v.d> wrote in message
news:2k32pvc89oc2eq3llts1somjkkl9v1tvhb@4ax.com...
> Hope someone can assist.
>
> I read somewhere that on a Windows 2000 domain it is possible to
> secure domain controllers by IPSEC, thus providing a basic firewall
> where all inbound connections from the WAN are blocked, except from
> response ports opened by connections going to the WAN.
>
> I did read a document somewhere on how to do this, unfortunately I
> didn't capture it and now I can't locate it.
>
> So, can anyone please assist?
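
The three rules described in the reply above (mirrored block-all, mirrored LAN permit, mirrored UDP 53 permit), modeled as an added example that is not part of the original posts and is not Windows code. The host and subnet addresses are constructed, and the `specificity` score is a simplified stand-in for the "most specific filter wins" ordering that IPsec filter lists use.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses for illustration; substitute your own host and LAN subnet.
ME = ipaddress.ip_network("192.168.1.10/32")
LAN = ipaddress.ip_network("192.168.1.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Filter:
    name: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    action: str          # "permit" or "block"
    proto: str = "any"
    sport: int = 0       # 0 means any port
    dport: int = 0

    def mirror(self):
        # A mirrored filter also matches the reverse direction (addresses and ports swapped).
        return Filter(self.name, self.dst, self.src, self.action,
                      self.proto, self.dport, self.sport)

    def matches(self, p):
        return (p["src"] in self.src and p["dst"] in self.dst
                and self.proto in ("any", p["proto"])
                and self.sport in (0, p["sport"]) and self.dport in (0, p["dport"]))

    def specificity(self):
        # Simplified assumption: longer prefixes and explicit protocol/ports rank higher.
        return (self.src.prefixlen + self.dst.prefixlen
                + (self.proto != "any") + (self.sport != 0) + (self.dport != 0))

# The rule set from the reply; every rule is mirrored.
RULES = [
    Filter("block-all", ME, ANY, "block"),
    Filter("permit-lan", ME, LAN, "permit"),
    Filter("permit-dns", ME, ANY, "permit", "udp", 0, 53),
]
EXPANDED = [f for r in RULES for f in (r, r.mirror())]

def decide(src, dst, proto, sport, dport):
    """Return the action of the most specific matching filter, or 'no-match'."""
    p = {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
         "proto": proto, "sport": sport, "dport": dport}
    hits = [f for f in EXPANDED if f.matches(p)]
    return max(hits, key=Filter.specificity).action if hits else "no-match"
```

The filters match on addresses, protocol and ports only and keep no connection state, so the mirrored DNS permit applies to any inbound UDP packet with source port 53, which is one reason the reply puts a perimeter firewall first.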


