Re: IPSec on webserver
- From: "Miha Pihler [MVP]" <mihap-news@xxxxxxxxxxx>
- Date: Thu, 5 Oct 2006 11:27:25 +0200
Hi,
As long as server is not part of domain it won't be able to use Kerberos as
authentication and it will either use certificates or pre-shared secret
depending on your configuration. Kerberos only works in domain.
What is your goal with these filters? Just filtering traffic or also
encrypting it between server and your network?
--
Mike
Microsoft MVP - Windows Security
<rolf@xxxxxxxxxxxx> wrote in message
news:1160034545.449588.317000@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi all,
Im using IPsec to help lock down a webserver. I have a simple block
rule for all UDP and TCP traffic then various rules to allow sql server
trafic from 'allowed' IPs, terminal services and https, http traffic
plus ftp. Most of the ruleset I originally copied from here;
http://homepages.wmich.edu/~mchugha/w2kfirewall.htm
The webserver is not part of any domain and is hosted remotely.
At the local office the intranet runs behind a public IP. That IP is
given access through the IPsec policy. It does work but periodically
the connection takes 5-10 seconds to authenticate. Without the IPsec
policy enabled it is instantaneous.
The local intranet is on a domain with AD and DHCP etc. DNS resolving
is done via the router, no netbios is used.
Is there something I should do at the intranet end to 'help' this speed
issue...?
Any help greatly appreciated as Im having no luck.
PS Ive also tried reducing the number of rules (there were only 6 or so
anyways), everything is set to authenticate using kerbos.
.
- Follow-Ups:
- Re: IPSec on webserver
- From: rolf
- Re: IPSec on webserver
- References:
- IPSec on webserver
- From: rolf
- IPSec on webserver
- Prev by Date: Re: Granting access to HKLM/Software/<application>
- Next by Date: Re: Granting access to HKLM/Software/<application>
- Previous by thread: IPSec on webserver
- Next by thread: Re: IPSec on webserver
- Index(es):
Relevant Pages
|
