Re: IPSec Policy

From: Jordan Samulaitis (jordan_at_jvsDELETEnetworks.com)
Date: 03/01/05


Date: Mon, 28 Feb 2005 20:26:23 -0600

Steven,

Thank you for replying; I am not quite sure you are understanding my
problem. I made an IPSec AD policy on my Windows Server 2003 box to
require security for anything that is port 80.

I am getting a page cannot be displayed error... or page unavailable.

The Client is Windows XP PRO and the server is 2003 standard.

My problem is I am getting a page cannot be displayed when trying to connect
to http://192.168.1.110 <-- my local intranet server.

The policy I created was to make sure everything under port 80 is encrypted.

All Web Traffic - Require Security - Authentication - Kerberos - Tunnel
Endpoint NONE - Connection Type: All

And within that, in the IP Filter List, I have selected and created a new
IP Filter List "All Web Traffic".

Within there I have selected TCP as the protocol type, and under "Set the
IP protocol port" I selected the "To this port" radio button and input port 80.

I don't know what I am doing wrong here...

Hope this clarifies things for you,

Jordan

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:u8tny7eHFHA.908@TK2MSFTNGP12.phx.gbl...
> The client computer needs a compatible ipsec policy such as the
> client/respond ipsec policy or a custom policy you create. Also you must
> exempt the domain controller from the ipsec policy with a rule that has a
> permit action for traffic to and from the dc by its static IP address or
> you will have problems as domain controllers do the authentication. You can
> use netdiag /test:ipsec to see ipsec info on a Windows 2000 computer
> including any policy assigned and for XP Pro/W2003 use the two IP security
> mmc snapins. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;254949
>
> "Jordan Samulaitis" <jordan@jvsDELETEnetworks.com> wrote in message
> news:%23eeaaxUHFHA.720@TK2MSFTNGP10.phx.gbl...
> > Hello,
> >
> > I created an IPSec policy for port 80 on my server to require security
> > using AH and ESP. When I log on my workstation to the domain it does not
> > display the page, but I can view the local server webpage from the server.
> > What do I need to do to my workstation?
> >
> > P.S - I did a gpupdate /force before letting the workstation log on to
> > the network.
> >
> > Thanks in advance,
> >
> > Jord
> >
> >
>
>
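The setup the thread describes, written out as netsh commands so both halves (the server-side "require security" rule plus the domain-controller exemption Steve asks for, and a matching respond-only policy for the XP client) can be compared side by side. This is an added example, not a script from either poster. It assumes netsh ipsec is available (Windows Server 2003, or XP Pro with SP2), that it is run against the local policy store on each machine rather than the AD store, and that the domain controller sits at 192.168.1.10 (hypothetical; only the web server address 192.168.1.110 comes from the post).

```batch
@echo off
rem Added example, not from the thread.
rem Usage:  ipsec-web.cmd server   (on the Windows Server 2003 web server)
rem         ipsec-web.cmd client   (on the Windows XP Pro workstation)
rem Assumptions: DC at 192.168.1.10 (hypothetical), web server at 192.168.1.110
rem (from the post), local policy store. For an AD policy, replace the "set store"
rem line with: netsh ipsec static set store location=domain domain=<your domain>

setlocal
set DC_IP=192.168.1.10
set WEB_IP=192.168.1.110

netsh ipsec static set store location=local

rem --- Filter lists -----------------------------------------------------------
rem Inbound TCP/80 to this host; mirrored so the reply direction is covered.
netsh ipsec static add filterlist name="All Web Traffic" description="TCP/80 to this host"
netsh ipsec static add filter filterlist="All Web Traffic" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=80 mirrored=yes

rem Everything to and from the DC. IKE authenticates with Kerberos, and Kerberos
rem needs the KDC in the clear, so this traffic must never be caught by the
rem "require" rule (this is Steve's point about exempting the DC).
netsh ipsec static add filterlist name="DC Exempt" description="Kerberos/LDAP to the DC stays in the clear"
netsh ipsec static add filter filterlist="DC Exempt" srcaddr=me dstaddr=%DC_IP% protocol=ANY mirrored=yes

rem --- Filter actions ---------------------------------------------------------
rem Require AH+ESP as in Jordan's post. inpass=no and soft=no mean: no clear-text
rem inbound, and no silent fallback to clear if IKE fails.
netsh ipsec static add filteraction name="Require AH+ESP" action=negotiate inpass=no soft=no qmsecmethods="AH[SHA1]+ESP[3DES,SHA1]"
netsh ipsec static add filteraction name="Permit" action=permit

if /i "%~1"=="server" goto server
if /i "%~1"=="client" goto client
echo Usage: %~nx0 server^|client
goto :eof

:server
netsh ipsec static add policy name="Web Server - Require Security" description="Require IPsec for TCP/80" assign=no
netsh ipsec static add rule name="Require on web" policy="Web Server - Require Security" filterlist="All Web Traffic" filteraction="Require AH+ESP" kerberos=yes conntype=all
netsh ipsec static add rule name="Exempt DC" policy="Web Server - Require Security" filterlist="DC Exempt" filteraction="Permit"
netsh ipsec static set policy name="Web Server - Require Security" assign=yes
goto verify

:client
rem The client needs something that answers the server's IKE request. The default
rem response rule (what the built-in "Client (Respond Only)" policy is) does that
rem with Kerberos; the DC exemption is repeated here for the same reason as above.
netsh ipsec static add policy name="Web Client - Respond" description="Respond to IPsec requests, Kerberos" activatedefaultrule=yes assign=no
netsh ipsec static add rule name="Exempt DC" policy="Web Client - Respond" filterlist="DC Exempt" filteraction="Permit"
netsh ipsec static set policy name="Web Client - Respond" assign=yes

:verify
rem Confirm which policy is assigned, then browse to http://%WEB_IP% from the
rem client and look for quick-mode SAs on both ends.
netsh ipsec static show all
netsh ipsec dynamic show mmsas
netsh ipsec dynamic show qmsas
endlocal
```

Two things to check when it still says "page cannot be displayed": `show mmsas` empty on both sides means IKE never completed, which with Kerberos authentication almost always means the DC is not reachable in the clear (the exemption is missing or the DC address is wrong); main-mode SAs present but no quick-mode SAs means the two sides' security methods do not overlap. AH also fails across any NAT, since the address translation breaks the AH integrity check; that is not an issue on a flat 192.168.1.0/24 LAN, but drop AH and keep ESP alone if a NAT sits between client and server.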


