Re: Configuring Port range in IPsec
From: Herb Martin (news_at_LearnQuick.com)
Date: 01/08/05
Date: Sat, 8 Jan 2005 03:29:46 -0600
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:uCITVjO9EHA.3416@TK2MSFTNGP09.phx.gbl...
> You can not configure a port range in a single filter entry for an ipsec
> policy. You can either use an IP address or subnet when creating a filter
> entry for an ipsec rule. --- Steve
>
It's one of the serious weaknesses of the IPSec
filter rules.

I wrote a "generator" in Perl which builds the
IPSec rules from a table (sort of) because at
least one of my machines runs close to 1000
rules/filter sets.

Even this is not a full solution because at 1000
rules it can significantly impact the machine's
performance for up to an hour when the rules are
re-applied.

Better would be for the filters to accept such
information and handle it efficiently.
-- Herb Martin
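
An added example, not part of the original message and not Herb Martin's Perl generator: a small Python sketch of the table-driven approach, expanding port ranges into one filter per port and showing how quickly the rule count grows. It assumes the `netsh ipsec static add filter` syntax of Windows Server 2003; the table contents and the filter list name `GeneratedPorts` are constructed for illustration.

```python
"""Expand port ranges into one IPsec filter per port (constructed example)."""

# Constructed sample table: (protocol, destination port or "lo-hi" range).
TABLE = [
    ("TCP", "80"),
    ("TCP", "5000-5003"),
    ("TCP", "5002-5005"),   # overlaps the previous range
    ("UDP", "53"),
]

def parse_ports(spec):
    """Return the inclusive (lo, hi) range for '80' or '5000-5003'."""
    lo, _, hi = spec.partition("-")
    lo, hi = int(lo), int(hi or lo)
    if not (1 <= lo <= hi <= 65535):
        raise ValueError(f"bad port spec: {spec!r}")
    return lo, hi

def expand(table):
    """Return sorted, de-duplicated (protocol, port) pairs."""
    pairs = set()
    for proto, spec in table:
        proto = proto.upper()
        if proto not in ("TCP", "UDP"):
            raise ValueError(f"ports only apply to TCP/UDP, got {proto!r}")
        lo, hi = parse_ports(spec)
        pairs.update((proto, p) for p in range(lo, hi + 1))
    return sorted(pairs)

def netsh_lines(table, filterlist="GeneratedPorts"):
    """Emit one 'add filter' line per port; the filter list name is hypothetical."""
    return [
        f'netsh ipsec static add filter filterlist="{filterlist}" '
        f"srcaddr=any dstaddr=me protocol={proto} srcport=0 dstport={port}"
        for proto, port in expand(table)
    ]

if __name__ == "__main__":
    lines = netsh_lines(TABLE)
    print("\n".join(lines))
    print(f"rem {len(lines)} filters generated from {len(TABLE)} table rows")
```

Four table rows become eight filters here; a single row covering a few hundred ports produces a few hundred filters, which is how a policy reaches the sizes described above.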