IPSEC

Spacer_08Spacer_08 Member Posts: 39 ■■□□□□□□□□
Hey guys, ok so I've just spent quite a while trying to master Ipsec (I had routers to deal with also!) and I believe to understand it.. however, could someone please explain to me a few a things..

A) I've only practised setting up negotiation type links with server - server. For server - xp clients etc etc which tool is used to create the policy on the xp machines?

B) By default, no IPsec policies exsist within a server03 computer.. so what is it instead that is blocking access on ports etc?

Thanks!

Comments

  • gojericho0gojericho0 Member Posts: 1,060
    A) You can use group policy to setup IPsec in a Server -> Client environment

    http://technet2.microsoft.com/windowsserver/en/library/52b69518-ba98-4c7e-aa1d-4591ad74903a1033.mspx?mfr=true

    B) Numerous things could be blocking ports. What is the path between Server03 and the client you are trying to connect with. Is there a personal firewall on the client enabled on the client or server?
  • Spacer_08Spacer_08 Member Posts: 39 ■■□□□□□□□□
    Hey thanks for the quick reply! Sorry, I didnt explain B very well, I didnt mean that was my situation :p

    Example:

    A brand new server03 rig is installed, however no IP sec policies, firewalls etc etc have been configured. When the telnet service is started on the new server, currently everybody can telnet in correct? I guess what i really want to know it, are there any other alternatives to Ipsec configuration that can block out certain IP addresses? (other than firewalls etc naturally). I dont believe there is but I'd just like some clarification.
  • gojericho0gojericho0 Member Posts: 1,060
    You can block connections to this server using ACLs on routers or layer 3 switches as well. Is that what you mean?
  • Spacer_08Spacer_08 Member Posts: 39 ■■□□□□□□□□
    I mean within the operating system itself. I know it may seem like a stupid question (well it probably is) but it's just something that I wanted to clear up on :P Thanks again!
Sign In or Register to comment.