How do I use IPSEC to create a basic firewall.

[Bloke at the pennine puddle (Replace n.a.v.d with]

Hope someone can assist.

I read somewhere that on a Windows 2000 domain it is possible to
secure domain controllers by IPSEC, thus providing a basic firewall
where all inbound connections from the WAN are blocked, ecept from
response ports opened by connections going to the WAN.

I did read a document somewhere on how to do this, unfortunatly I
didn't capture it and now I can't locate it.

So, can anyone please assist?

 

[Bloke at the pennine puddle (Replace n.a.v.d with]

Oh, I forgot that I'm not really interested in logging. Only to be in
the knowledge any no unauthorised connections get in.

 

[Lanwench [MVP - Exchange]]

Slightly OT, but if you have a network, you also want something protecting
the perimeter, such as a hardware firewall between your router and your
network.

 

[Steven Umbach]

Ipsec is best used to manage/protect traffic for the lan. A firewall at the
perimeter should be first line if defense. Having said that, to answer your
question you need to create a block all rule that is mirrored. Then you create a
mirrored rule for the lan based on ip subnet and use permit for the action. For
other specific ports, rules need to be created such as udp port 53 for dns
resolution to the internet. --- Steve

http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp
http://www.securityfocus.com/infocus/1559
http://support.microsoft.com/default.aspx?scid=kb;en-us;313190
http://support.microsoft.com/default.aspx?scid=kb;en-us;811832


"Bloke at the pennine puddle (Replace n.a.v.d with vodafone.net.)"

 

[Guest]

Here is a good link with sample IPSec packet filtering policy:

http://www.analogx.com/contents/articles/ipsec.htm

Cheers.