|
IPSec between Unix and Windows
I have a need to encrypt traffic from a legacy application hosted on an AIX
server to windows clients. The information I have read seems to point at
using certificate based IPSec to accomplish this or using ISA server as an
IPSec proxy. Has anyone implemented either of these solutions, information
has not been easy to find on how to do this.
The application runs over Telnet and the client...
|
3 |
03.07.2007 18:54:01 |
|
|
MPACK Threat IPSeccmd and Vista
As a response to the MPACK-Threat (10.000 Servers in Europe poisoned by an
iframe that loads MPACK Trojan) we issued a Domain Policy stopping
connections to 64.38.33.13 as recommended by e.g. Avira.
Additionaly we issued the IPSeccmd
Ipseccmd -x -w REG -p "MPACK Server block" -r "MPACK Server block" -n BLOCK
-f 0/255.255.255.0+64.38.33.13/255.255.255.255
To every Client/Server whi...
|
2 |
03.07.2007 18:42:31 |
|
|
SonicWall "IPSec packet from or to an illegal host"
I'm getting the following emailed to me a hundred times a day. Any ideas on
whether it is coming from inside or outside my firewall, and how am i going
to find what the 169 address refers to? the 10.1.1.2 is my server.
06/29/2007 16:57:01.816 - IPSec packet from or to an illegal host -
169.254.243.103 - 10.1.1.2 - SPI:0x300
This email was generated by: SonicOS Standard...
|
1 |
03.07.2007 14:04:44 |
|
|
How to allow internet trafic in an IPSec environment
Hi experts,
I'm performing some tests to implement IPSec in my network, but after to
enable the IPSec police I loose my communication with internet, the intranet
communication remain working as expected, in short my filters are configured
as below:
1- Any <-> Intranet - Secure
2- Any <-> Infrastructure services - Permit
3- Me <-> Any ...
|
1 |
26.06.2007 17:51:00 |
|
|
slow sbs 2003 server
Is it possible that an invalid IPSEC policy and filter settings could cause
in/outbound traffic on my sbs2003 server to be extremely slow? peer-peer
workstations are just fine. Dir-Dir inside the server when copying large
files, works fine. However, any traffic such as copying files to/from the
server from any workstation is SSLLOOWW! This started happening right after
SP2 was instal...
|
1 |
26.06.2007 14:23:00 |
|
|
Is Policy Applied or Not?
I have an IPSec policy applied to my DCs via GP (defaul domain controller
policy). The RSoP on two DCs indicate that the policy is there and applied.
However, 'netsh ipsec static show policy all' shows the policy on one but not
the other! This is in line with what the servers are doing - the one that
shows the DC policy in the netsh command is blocking the traffic I want but
the one that...
|
6 |
14.06.2007 16:56:31 |
|
|
SA Quick Mode Complete but not encrypting
Hi,
I have two servers sitting on different sites. They have Kerio software
firewalls running and I need to get IPsec working on them.
To test the connection, Im trying to get traffic from one site to the other
encrypted on port 80. I have setup the policies and I can see the Security
Associations are successfully been established. However, the actual data
doesn't seem to be passin...
|
2 |
12.06.2007 22:39:02 |
|
|
invalid inbound SPI vista ipsec
I am trying to setup static SAs for ipsec on vista. It is allowing me
to choose the outbound SPI but when I try to add the inbound SPI using
IPsecSaContextAddInbound0 the API returns with no error but in the
security monitor I see the "INVALID SPI" counter increasing. I looked
at the sample code provided by microsoft and they use
IPsecSaContextGetSpi0 to get the inbound SPI before adding the ...
|
1 |
24.05.2007 06:49:43 |
|
|
Active directory and IPSEC
Hi,
I have two sites that are connected via VPN. But the VPN is making the
Internet connection VERY slow. Is there another option to connecting the
two sites that doesn't use as much bandwidth? Maybe replicating AD through
the Internet only? or SSL?
If so, can someone point me in the right direction
Thanks in advance
J
...
|
1 |
23.05.2007 15:25:57 |
|
|
site-to-site VPN client setup
Hello all,
I have a small branch office set up with a site-to-site VPN tunnel between
my main office ISA server and a Win2K3 R2 server at the branch office set up
as a local DC, RRAS server, DNS, etc. It has a single NIC behind a NAT
gateway to the branch office ISP.
I have set up the client XP Pro machines TCP/IP in the branch office with
the DNS and default gateway set up to poin...
|
1 |
22.05.2007 15:51:02 |
|
|
WAN Miniport (PPTP) missing from RRAS
Server: Windows 2003 SBS
Updated with Service Pack 2
Problem: Can no logner create VPN Connections
WAN Miniport (PPTP) is not in the RRAS ports list any longer. RRAS was
working fine until some error happened with a program found in the temp
directory. Cleaned server and everything is fine with the exception of RRAS
WAN Miniports missing. The WAN Miniport (PPPoE), Direct Parallel...
|
5 |
11.05.2007 01:34:01 |
|
|
Native IPSec on Windows Vista
Hi,
I want to use IPSec policy on Windows Vista environment. Please help me to
provide the information for the same.
Do i need to configure IPSec policy through MMC, and which services i need
to unable (e.g IKE and AuthIP IPsec Keying Modules, IPsec Policy Agent)
Thanks in advance
Best Regards,
Sunil...
|
1 |
09.05.2007 06:59:01 |
|
|
Ports for Windows logon
I have users that vpn into our dmz. Once they are in the dmz, I would like
for them to logon to the domain. Can anyone tell me what ports I need to
open on the firewall to allow full windows authenication? ...
|
1 |
30.04.2007 12:30:03 |
|
|
IPsec question in vista
Hi! I have a question in vista. I am trying to set up IPsec policy on vista
to create a VPN connection.
I had seted up IPsec policy on WinXP successfully.
But that same set up on vista, result is failure.
I had tried to create a tunnel on windows firewall.
I try to ping the node in the VPN but it reply Negotiating IP Security.
What's the problem?
Thanks.
Leo.
...
|
2 |
27.04.2007 17:40:10 |
|
|
different IPSec for different working hours
My environment is Windows 2003 server and many XP machines.
I have created IP security policy on Domain Controller and it works fine.
Now I want to enable all rules on working hours, e.g. 9am - 6pm. And disable
some rules outside of those boundaries. Is it possible to configure is in
such way? How?
Now I simply have made script, which automatically stops IPSec service on
6pm and starts o...
|
1 |
19.04.2007 07:56:12 |