Re: Need IPSec Help

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 09/23/04


Date: Thu, 23 Sep 2004 06:10:25 GMT

It sounds like your ipsec policy is blocking initiated outbound traffic to ports
80/443 [https] and 25 TCP and probably 53 UDP. I prefer a hardware firewall or
software firewall to ipsec in most situations but when I do use it I start out with a
block all IP rule and then create a rule for the allowed exceptions for inbound and
outbound including ICMP if I want to use ping. The outbound mirrored rule would need
to be source address my address, destination address any [or specific server], source
port any, destination port 25, protocol 25 for SMTP for instance. The link below may
be of help. --- Steve

http://www.securityfocus.com/infocus/1559

"George J" <gjewell@houston.rr.com> wrote in message
news:KHq4d.13357$Qb.5937@fe2.texas.rr.com...
> Hello,
>
> I've set up an IIS 5 webserver running http, ftp, and smtp. I've assigned an
> IPSec policy to accept connections to the following ports: 20, 21, 25, 53
> (tcp and udp), and 80. I can connect to the website fine, and ftp in also,
> but the smtp server is not able to send email msgs. They hang in the queue
> folder and eventually end up in the badmail folder. Also, I cannot ping or
> connect to any outside hosts (using IE).
>
> Does anyone have any recommendations as far as what other ports I would need
> to open? I can live without IE being able to connect to any remote sites,
> but I do need the smtp functionality.
>
> BTW, I previously tried the same routine using TCP/IP Filtering, and got the
> same results.
>
> Any help would be appreciated.
>
> Thanks.
>
>
>
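
The symptom in this thread, as an added example that is not part of either post: a simplified model of stateless, mirrored permit filters over a block-all default, comparing the inbound-only policy from the question with the outbound exceptions named in the reply. The addresses, the port numbers above 49151, the function names and the use of TCP for SMTP are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

SERVER = "192.0.2.10"   # constructed address for the IIS/SMTP host
ANY = None              # wildcard for an address or a port

@dataclass(frozen=True)
class Filter:
    src: Optional[str]
    sport: Optional[int]
    dst: Optional[str]
    dport: Optional[int]
    proto: str

    def mirror(self):
        # A mirrored filter also matches the same flow in the reverse direction.
        return Filter(self.dst, self.dport, self.src, self.sport, self.proto)

    def matches(self, pkt):
        src, sport, dst, dport, proto = pkt
        return (self.proto == proto
                and self.src in (ANY, src) and self.sport in (ANY, sport)
                and self.dst in (ANY, dst) and self.dport in (ANY, dport))

def permitted(pkt, permits):
    # Stateless check: block-all is the default; a permit filter or its mirror wins.
    return any(f.matches(pkt) or f.mirror().matches(pkt) for f in permits)

def inbound_service(port, proto="TCP"):
    return Filter(ANY, ANY, SERVER, port, proto)

def outbound_client(port, proto="TCP"):
    return Filter(SERVER, ANY, ANY, port, proto)

# Policy as described in the question: inbound services only.
ORIGINAL = [inbound_service(p) for p in (20, 21, 25, 53, 80)] + [inbound_service(53, "UDP")]
# Exceptions named in the reply: outbound SMTP, plus outbound DNS over UDP.
FIXED = ORIGINAL + [outbound_client(25), outbound_client(53, "UDP")]

# Constructed sample packets: (src, sport, dst, dport, proto)
SAMPLES = {
    "smtp_out":   (SERVER, 49152, "198.51.100.25", 25, "TCP"),   # server starts delivery
    "smtp_reply": ("198.51.100.25", 25, SERVER, 49152, "TCP"),   # remote server answers
    "dns_out":    (SERVER, 49153, "203.0.113.53", 53, "UDP"),    # name lookup
    "web_in":     ("203.0.113.7", 50000, SERVER, 80, "TCP"),     # visitor to the site
}

def report(policy):
    return {name: permitted(pkt, policy) for name, pkt in SAMPLES.items()}
```

Under `ORIGINAL` only `web_in` passes, because the mirror of "any to server port 25" is "server port 25 to any", which never matches a delivery that leaves from an ephemeral source port; under `FIXED` all four pass while other outbound traffic stays blocked.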


