IPsec Policy
Thread: IPsec Policy

  1. #1
    Senior Member
    Join Date
    Jun 2003
    Posts
    188

    IPsec Policy

    Hi everyone

    I wish to lock down my Windows 2000 Professional box using IPsec. I wish to implement the following policy:

    1. Allow outgoing ICMP but accept only ICMP replies requested by me.
    2. Block all unwanted ICMP.

    Please help

  2. #2
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    yeah, I'm gonna need that by friday...

  3. #3
    Senior Member
    Join Date
    Nov 2002
    Posts
    382
    Hold down for a sec!
    I don't really understand the purpose of the thread here. u ask for IPsec policy but u r talking about firewalling features.
    r u 1 of these guys that think IPsec is a firewall?

    IPsec is designed for peer-to-peer or site-to-site flows with encryption, VPN tunneling, anti replay, certificates & so on...
    I wrote a thread on topic hereby: http://www.antionline.com/showthread...hreadid=243795
    SHARING KNOWLEDGE

  4. #4
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    TCP/IP Filtering

    Windows Professional includes support for TCP/IP filtering. TCP/IP filtering allows you to specify exactly which types of incoming IP traffic are processed as the destination for each IP interface. This feature is designed to isolate the traffic being processed by Internet and intranet clients in the absence of other TCP/IP filtering provided by IPSec, the Routing and Remote Access service, or other TCP/IP applications or services. TCP/IP filtering is disabled by default.

    TCP/IP filtering is a set of input filters for non-transit TCP/IP traffic (traffic destined for the local host). Non-transit traffic is traffic that is processed by the host because the destination IP address of inbound IP datagrams is directed to an assigned interface address, appropriate subnet broadcast address, or multicast address. TCP/IP filtering does not apply to transit or routed traffic that is forwarded between interfaces.

    A packet is accepted for processing if it meets one of the following criteria:

    * The destination TCP port matches the list of TCP ports. By default, all TCP ports are permitted.
    * The destination UDP port matches the list of UDP ports. By default, all UDP ports are permitted.
    * The IP protocol matches the list of IP protocols. By default, all IP protocols are permitted.
    * It is an ICMP packet.

    You cannot filter ICMP traffic by using TCP/IP filtering. If you need ICMP filtering, configure IP packet filters by using Routing and Remote Access. For more information, see "Unicast IP Routing" in the Internetworking Guide of the Windows 2000 Server Resource Kit.

    Note

    * Protocols that are members of the TCP/IP protocol suite are frequently referred to simply as "IP Protocols".

    To configure TCP/IP filtering

    1. In Control Panel (default view), click Network and Internet Connections.
    2. Click Network Connections.
    3. In Network Connections, right-click the local area connection you want to modify, and then click Properties.
    4. On the General tab, click Internet Protocol (TCP/IP) in the list of components, and then click Properties.
    5. Click Advanced.
    6. Click the Options tab, click TCP/IP filtering, and then click Properties.
    7. In the TCP/IP Filtering dialog box, select the Enable TCP/IP Filtering check box and then add the numbers of all TCP and UDP ports and all IP protocols for which you want filtering enabled.
    8. Click OK.

    TCP/IP filtering can be enabled and disabled for all adapters by selecting a single check box. This helps troubleshoot connectivity problems that might be related to filtering. Filters that are too restrictive might unnecessarily limit connectivity options. For example, if you decide to allow only specific types of UDP traffic and do not include RIP (UDP port 520), then the RIP Listener service does not function.
    maybe you don't want IPSec?
    yeah, I'm gonna need that by friday...
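
Added example (not part of any post in this thread, and not Microsoft's code): a small Python model of why the TCP/IP filtering quoted in post #4 cannot express the ICMP policy asked for in post #1, next to the per-request state a firewall has to keep for it. `Packet`, `tcpip_filter_accepts` and `EchoTracker` are hypothetical names, the rule ordering is an assumed reading of the quoted text, and the packets are constructed samples.

```python
from dataclasses import dataclass
ICMP, TCP, UDP = 1, 6, 17            # IP protocol numbers
ECHO_REPLY, ECHO_REQUEST = 0, 8      # ICMP message types

@dataclass(frozen=True)
class Packet:                        # hypothetical, simplified packet record
    proto: int
    peer: str = ""                   # remote address
    dst_port: int = 0                # TCP/UDP only
    icmp_type: int = 0               # ICMP only
    ident: int = 0                   # ICMP echo identifier
    seq: int = 0                     # ICMP echo sequence number

def tcpip_filter_accepts(pkt, tcp_ports=None, udp_ports=None, protocols=None):
    """Stateless inbound check as the quoted text reads. None = permit all (default)."""
    if pkt.proto == ICMP:
        return True                  # "You cannot filter ICMP traffic"
    if pkt.proto == TCP:
        return tcp_ports is None or pkt.dst_port in tcp_ports
    if pkt.proto == UDP:
        return udp_ports is None or pkt.dst_port in udp_ports
    return protocols is None or pkt.proto in protocols

class EchoTracker:
    """Stateful ICMP policy from post #1. Simplified: no timeouts, no ICMP errors."""
    def __init__(self):
        self.pending = set()         # echo requests still awaiting a reply
    def outbound(self, pkt):
        if pkt.proto == ICMP and pkt.icmp_type == ECHO_REQUEST:
            self.pending.add((pkt.peer, pkt.ident, pkt.seq))
        return True                  # item 1: outgoing ICMP is allowed
    def inbound_icmp(self, pkt):
        key = (pkt.peer, pkt.ident, pkt.seq)
        if pkt.icmp_type == ECHO_REPLY and key in self.pending:
            self.pending.discard(key)  # each request admits exactly one reply
            return True
        return False                 # item 2: block all unwanted ICMP

def demo():
    """Constructed traffic; the stateless filter is locked down to TCP port 80 only."""
    fw = EchoTracker()
    fw.outbound(Packet(ICMP, "192.0.2.10", icmp_type=ECHO_REQUEST, ident=7, seq=1))
    reply = Packet(ICMP, "192.0.2.10", icmp_type=ECHO_REPLY, ident=7, seq=1)
    probe = Packet(ICMP, "198.51.100.5", icmp_type=ECHO_REQUEST, ident=9, seq=1)
    cases = [("solicited reply", reply), ("unsolicited echo request", probe),
             ("duplicate reply", reply)]
    return [(name, tcpip_filter_accepts(p, {80}, set(), set()), fw.inbound_icmp(p))
            for name, p in cases]
```

Each row from `demo()` is (case, accepted by the stateless filter, accepted by the stateful tracker): the stateless column is true for every ICMP packet, while the tracker admits only the one reply that matches an outstanding request.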

  5. #5
    Senior Member
    Join Date
    Jun 2003
    Posts
    188
    Thanks networker, I suppose I interpreted IPSec as a firewalling feature. What I need is a firewall; can anyone suggest a good one for Windows with a lot of customizations?

  6. #6
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    sygate is OK, that's the only one i've used... you can set up specific rules for TCP, UDP, etc...

    http://www.sygate.com/

    there are many other free win32 firewalls, i'm sure ppl will post more links
    yeah, I'm gonna need that by friday...

  7. #7
    Senior Member
    Join Date
    Jun 2003
    Posts
    188
    Thanks tampabay
    Sygate is good

  8. #8
    Senior Member Cemetric's Avatar
    Join Date
    Oct 2002
    Posts
    491
    "what i need is a firewall can anyone suggest a good one for windows with lot of customizations."
    I can recommend Outpost ... You can get it here Outpost

    You can alter a lot of settings and create your own rules as well ... I like it.

    C.
    Back when I was a boy, we carved our own IC's out of wood.
