Re: Basic IPSec question.
- From: "Purtech" <mikek(remove)@hlit.net>
- Date: Mon, 6 Nov 2006 09:58:22 -0600
Thanks guys:
I am just posing a theoretical question.
I am learning IPsec (I thought you MS guys did "IPSec") and I know it
requires a SID in Group Policy to set it up. A SID for the Domain. So...the
question crossed my mind, how does it trust a router that doesn't join AD? I
want packets coming from the router/firewall allowed.
I am supposing you have to make an exception in the firewall then.
That's all. (Just discussing it helps... like what Roger said below.)
Thanks!
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
news:ujzA378$GHA.204@xxxxxxxxxxxxxxxxxxxxxxx
I think you need to clarify what you are attempting/asking.
The IPsec Bypass flag only has effect in allowing an incoming
packet that is received within IPsec authentication to bypass the
Windows Firewall. That is, if an IPsec security association had
been set up, then packets received within that SA are allowed to
not also have to meet the definitions in the Windows Firewall.
I can see no way that this has anything to do with routers.
"Purtech" <mikek(remove)@hlit.net> wrote in message
news:edmbVk4$GHA.5060@xxxxxxxxxxxxxxxxxxxxxxx
So if I get IPSec bypass running on my internal network, how do I handle
a router that is attached to the Internet?
A 3rd party router won't be joined to AD. ----Now this is without ISA.
Do I make Exceptions for it? (WF is up.) Or is there another or preferred
way? Are there routers that can join AD?
Thanks