Re: Configuring Port range in IPsec
From: Herb Martin (news_at_LearnQuick.com)
Date: 01/09/05
- Next message: Roger Abell: "Re: Is every user a member of Users?"
- Previous message: David Beder [MSFT]: "Re: Configuring Port range in IPsec"
- In reply to: Steve Riley [MSFT]: "Re: Configuring Port range in IPsec"
- Next in thread: Steve Riley [MSFT]: "Re: Configuring Port range in IPsec"
- Reply: Steve Riley [MSFT]: "Re: Configuring Port range in IPsec"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 9 Jan 2005 05:18:18 -0600
"Steve Riley [MSFT]" <steriley@microsoft.com> wrote in message
news:41300632408220999452032@news.microsoft.com...
> Remember that IPsec is really about creating authenticated and
(optionally)
> encrypted security associations between a pair of computers. Given that
primary
> design goal, it appears that port ranges aren't something that's required.
I disagree -- that may have been the original intention,
but it allows for three actions: Pass, Block, or negotiate
actual IPSec services.
The BLOCK and PASS are not only useful without
the IPSec they are better than any other built-in (and
ubiquitous) Windows blocking mechanism.
> I'm guessing that you'd like port ranges for simple block/allow rules --
For me you are largely correct.
> using the IPsec engine as a packet filter. Is that right? Or do you have
> a need for security associations with port ranges?
Someone might -- IPSec is vastly underutilized
by the majority of admistrators.
- Next message: Roger Abell: "Re: Is every user a member of Users?"
- Previous message: David Beder [MSFT]: "Re: Configuring Port range in IPsec"
- In reply to: Steve Riley [MSFT]: "Re: Configuring Port range in IPsec"
- Next in thread: Steve Riley [MSFT]: "Re: Configuring Port range in IPsec"
- Reply: Steve Riley [MSFT]: "Re: Configuring Port range in IPsec"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
