IPSec filtering vs. VPN

Guest
Archived from groups: microsoft.public.windowsxp.work_remotely,microsoft.public.windows.server.security,microsoft.public.win2000.security

Greetings,

I am using Microsoft IP Security Policy (on a Windows 2003 server) to drop
unwanted TCP packets like a firewall, as described here:

http://www.microsoft.com/technet/itsolutions/network/security/ipsecld.mspx

My problem is that one of my servers is hosting a VPN (through RRAS), and no
matter what I do, I can't find a setting (other than "allow everything")
that makes the VPN usable.

I tried the following filter set:

Port 1723 protocol TCP from any IP address to my IP address
Port ANY protocol 47 from any IP address to my IP address
Filter action: Permit

That didn't work. Nor did using UDP port 47 in place of any port protocol
47.

What are the correct settings? My server hosts the VPN by means of 2
network cards; am I maybe applying the settings to the wrong card?

The settings applied to all the other port numbers (to permit HTTP, FTP,
etc., and block other things) are working as advertised.

Many thanks!
 

Guest
Archived from groups: microsoft.public.windowsxp.work_remotely

That's a good question... Does it work if you allow Protocol 47 from
any IP address to any IP address? I think the problem is in that
one...

Also, what type of error are you getting?

Jeffrey Randow (Windows Networking & Smart Display MVP)
jeffreyr-support@remotenetworktechnology.com

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

On Wed, 16 Jun 2004 18:17:03 -0400, "Michael A. Covington"
<look@www.ai.uga.edu.for.information> wrote:

>Greetings,
>
>I am using Microsoft IP Security Policy (on a Windows 2003 server) to drop
>unwanted TCP packets like a firewall, as described here:
>
>http://www.microsoft.com/technet/itsolutions/network/security/ipsecld.mspx
>
>My problem is that one of my servers is hosting a VPN (through RRAS), and no
>matter what I do, I can't find a setting (other than "allow everything")
>that makes the VPN usable.
>
>I tried the following filter set:
>
>Port 1723 protocol TCP from any IP address to my IP address
>Port ANY protocol 47 from any IP address to my IP address
>Filter action: Permit
>
>That didn't work. Nor did using UDP port 47 in place of any port protocol
>47.
>
>What are the correct settings? My server hosts the VPN by means of 2
>network cards; am I maybe applying the settings to the wrong card?
>
>The settings applied to all the other port numbers (to permit HTTP, FTP,
>etc., and block other things) are working as advertised.
>
>Many thanks!

Guest
Archived from groups: microsoft.public.windowsxp.work_remotely

Thanks for responding. I'll get back to you...

"Jeffrey Randow (MVP)" <jeffreyr-support@remotenetworktechnology.com> wrote
in message news:7qv1d0lvrru2qeee2o3k3v5nn7a64t4cde@4ax.com...
> That's a good question... Does it work if you allow Protocol 47 from
> any IP address to any IP address? I think the problem is in that
> one...
>
> Also, what type of error are you getting?
>
> Jeffrey Randow (Windows Networking & Smart Display MVP)
> jeffreyr-support@remotenetworktechnology.com
>
> Please post all responses to the newsgroups for the benefit
> of all USENET users. Messages sent via email may or may not
> be answered depending on time availability....
>
> Remote Networking Technology Support Site -
> http://www.remotenetworktechnology.com
> Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone
>
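
Added example, not part of any post in this thread: a small Python model of permit filters evaluated against a constructed PPTP flow (TCP 1723 control channel plus GRE, which is IP protocol 47 and has no ports). The addresses, the block-all default, the `mirrored` flag and the simplified matching are assumptions for illustration and do not reproduce the Windows IPsec policy engine.

```python
from dataclasses import dataclass
from typing import Optional

TCP, UDP, GRE = 6, 17, 47      # IANA IP protocol numbers; GRE carries no port fields
SERVER, CLIENT = "192.0.2.10", "198.51.100.7"   # constructed documentation addresses

@dataclass(frozen=True)
class Packet:
    proto: int
    src: str
    dst: str
    sport: Optional[int] = None   # None for protocols without ports (GRE)
    dport: Optional[int] = None

@dataclass(frozen=True)
class Filter:
    proto: int
    src: str                      # a literal address or "any"
    dst: str
    dport: Optional[int] = None   # None means any destination port
    mirrored: bool = False        # assumption: models a two-way (mirrored) filter

    def _one_way(self, p, src, dst, port):
        return (p.proto == self.proto
                and self.src in ("any", src) and self.dst in ("any", dst)
                and (self.dport is None or port == self.dport))

    def matches(self, p):
        # A mirrored filter also matches the same flow with the endpoints swapped.
        return (self._one_way(p, p.src, p.dst, p.dport)
                or (self.mirrored and self._one_way(p, p.dst, p.src, p.sport)))

# Constructed packets for one PPTP session, in both directions.
PPTP_FLOW = [
    Packet(TCP, CLIENT, SERVER, 49152, 1723),   # control channel, client to server
    Packet(TCP, SERVER, CLIENT, 1723, 49152),   # control channel, server reply
    Packet(GRE, CLIENT, SERVER),                # tunnelled data, inbound
    Packet(GRE, SERVER, CLIENT),                # tunnelled data, outbound
]

def pptp_filters(gre_proto=GRE, gre_port=None, gre_dst=SERVER, mirrored=False):
    """Filter set from the question; keyword arguments select the variants discussed."""
    return [Filter(TCP, "any", SERVER, 1723, mirrored),
            Filter(gre_proto, "any", gre_dst, gre_port, mirrored)]

def evaluate(filters):
    """Verdict per packet: permit on any match, else the assumed block-all rule."""
    return ["permit" if any(f.matches(p) for f in filters) else "block"
            for p in PPTP_FLOW]
```

In this model a "UDP port 47" filter never matches GRE traffic, and whether the server's outbound packets are permitted depends on the filter covering both directions (a mirrored filter, or "any to any" as suggested in the reply).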