Also, don't over estimate IPSec security. By default in Windows 2000 implemenations, there are these errr things known as default exceptions. Microsoft lists these. Kerberos, Broadcast traffic, multicast traffic, and RSVP (Resource Reservation Protocol) traffic. But the truth of the matter is this; any traffic that MS IPSec can't classify, it will not encrypt and it WILL NOT apply any filter rules to that traffic. I expressed this concern before and I was basically told this Kerberos is itself a security protocol that does not need to be secured by IPSec. The Kerberos exemption is basically this: If a packet is TCP or UDP and has a source or destination port = 88, permit. Interesting. So all it takes is some nifty packet crafting and ahhhh that traffic is permitted to pass, by default. Here my point. These default exemptions can be easily used to bypass IPSec security. But behold, there is a solution. If you're using Windows 2000 server or Professional or XP, modify this registry key NoDefaultExempt=0 to be NoDefaultExempt=1. If it's Windows 2003 it's set to 1 by default.
ok did a setup with vmware.. and win dows 2003 server..i ran the the ftp and ipsec but having a hellish time time securing it.when i gointo and check the logs i get an exclamation mark staing that it wont recognize the security. there i get it reset. and the same logs keep comming up.. just wondering if i am figuring this thing right...this all has to do with a project i am doing for school.Maybe the ports are wrong ...mmmmmHELP!!!!!