Re: IPSec Security
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 25 Jan 2006 22:45:45 -0600
On the computers on network 172.18.6.100 create an IPsec policy that has a
mirrored rule for filter action block for the ports you mention for all IP
addresses and then create a rule for the allowed subnets with a permit
filter action. For computers on 172.18.6.100 you would want to use
destination ports as SMB 13x ports, protocols as needed, and 445 and
destination address as "my IP". The link may help in setting up IPsec
filtering policy. Note that this may not stop "browsing", which is largely
broadcast based, but should prevent access to the share from blocked
networks. Of course share/NTFS permissions should also be configured so as
not to allow unauthorized users/groups access.
--- Steve
http://www.securityfocus.com/infocus/1559
<bucrepus> wrote in message news:OvpnONSIGHA.2696@xxxxxxxxxxxxxxxxxxxxxxx
> For the sake of simplicity, I have 2 xp stations and 1 win2003 server as
> router with 2 NICS. (actually have numerous machines on each side subnet)
> XP station1 on 172.18.6.100 and XP 2 on 192.168.0.100. One server nic
> 172.18.6.1 and the other 192.168.0.1. I want to be able to copy / browse
> files from XP1 to XP2, but NOT allow XP2 to browse / see any machines on
> XP1's side. I have tried using IPSec to block the SMB 13x ports and 445,
> but can't seem to get the right combo. Any ideas? In other words, I don't want
> anyone on XP2 to be able to go to the run box and type \\XP1 or
> \\172.18.6.100 and get a browse window or share list. (One way copy /
> list)
> Thanks
> Bucrepus
>
>
>
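A small model of the policy described in the reply above, added here as an illustration and not part of the original thread or of any Windows tool. It shows why the mirrored block plus the subnet permit gives the one-way behaviour asked for; the port set, the /24 mask on the allowed subnet and the sample packets are assumptions constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ME = ip_address("172.18.6.100")  # XP1, the host that carries the policy
# Assumed reading of "SMB 13x ports ... and 445" from the post.
SMB_PORTS = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}

@dataclass(frozen=True)
class Rule:
    remote: str  # remote network the rule's filter list covers (CIDR)
    action: str  # filter action: "block" or "permit"

# Block from all addresses, permit from the allowed subnet (mask assumed).
RULES = [Rule("0.0.0.0/0", "block"), Rule("172.18.6.0/24", "permit")]

def evaluate(src, sport, dst, dport, proto, rules=RULES):
    """Return the filter action XP1 applies to one packet."""
    src, dst = ip_address(src), ip_address(dst)
    if dst == ME and (proto, dport) in SMB_PORTS:
        remote = src   # filter as written: any -> "my IP", destination port SMB
    elif src == ME and (proto, sport) in SMB_PORTS:
        remote = dst   # mirrored half: "my IP" -> any, source port SMB
    else:
        return "permit"  # no filter matches, so the policy leaves it alone
    hits = [r for r in rules if remote in ip_network(r.remote)]
    if not hits:
        return "permit"
    # Windows IPsec applies the most specific matching filter, so the
    # subnet permit overrides the all-addresses block.
    return max(hits, key=lambda r: ip_network(r.remote).prefixlen).action

# Constructed sample packets: (label, src, sport, dst, dport, proto)
SAMPLES = [
    ("XP2 opens \\\\XP1", "192.168.0.100", 1050, "172.18.6.100", 445, "tcp"),
    ("local peer opens \\\\XP1", "172.18.6.50", 1050, "172.18.6.100", 445, "tcp"),
    ("XP1 opens \\\\XP2", "172.18.6.100", 1051, "192.168.0.100", 445, "tcp"),
    ("XP2 replies to XP1", "192.168.0.100", 445, "172.18.6.100", 1051, "tcp"),
    ("subnet browse broadcast", "172.18.6.50", 138, "172.18.6.255", 138, "udp"),
]

def run_samples():
    return {label: evaluate(*pkt) for label, *pkt in SAMPLES}

if __name__ == "__main__":
    for label, action in run_samples().items():
        print(f"{action:6}  {label}")
```

Only the first sample is blocked: XP1's own outbound session to XP2 uses an ephemeral local port, so neither the filter nor its mirror matches it, and the broadcast is addressed to the subnet rather than to "my IP".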