Hello John,
Thank you for using the newsgroup!
From your post, I'd like to ask you to provide me with the
following information:
1. Do you use public IP or private IP between RRAS server and client?
2. How do you configure filters in Routing and Remote Access Service (RRAS)?
3. How do you configure the RRAS policy created by the RRAS server?
Based on your requirement, I have performed some research. I found Internet
Protocol security (IPSec) filtering rules can be used to help protect
Windows 2000-based, Windows XP-based, and Windows Server 2003-based
computers from network-based attacks from threats such as viruses and
worms. This article describes how to filter a particular protocol and port
combination for both inbound and outbound network traffic. It includes
steps to determine whether there are any IPSec policies currently assigned to a
Windows 2000-based, Windows XP-based, or Windows Server 2003-based
computer, steps to create and assign a new IPSec policy, and steps to
unassign and delete an IPSec policy.
For more related information, you may refer to the following article:
813878: How to block specific network protocols and ports by using IPSec
http://support.microsoft.com/kb/813878
More References:
================
248750: Description of the IPSec policy created for L2TP/IPSec
http://support.microsoft.com/kb/248750
252735: How to Configure IPSec Tunneling in Windows 2000
http://support.microsoft.com/kb/q252735
Internet Protocol Security and Packet Filtering
<http://www.microsoft.com/technet/itsolutions/network/evaluate/technol/tcpipfund/tcpipfund_ch13.mspx>
Hope the information helps!
Thanks & Regards,
Ken Zhao
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "John Smith" <[email protected]>
| Subject: Inbound filters not working
| Date: Tue, 28 Mar 2006 16:53:51 -0800
| Newsgroups: microsoft.public.win2000.ras_routing
|
| I'm trying to set up some inbound packet filters on my 2003 AD server to
| prevent access to a certain program, but I can still access the port through
| the program. I'm configuring filters on the public interface in the IP
| Routing/General section of RRAS. Here is my netsh output:
|
|
| Filter Information for Interface Local Area Connection 2
| ------------------------------------------------------------------
|
| Fragment checking is Disabled.
|
| Filter Type : INPUT
| Default Action : FORWARD
|
| Src Addr   Src Mask   Dst Addr      Dst Mask        Proto   Src Port   Dst Port
| --------------------------------------------------------------------------------
| 0.0.0.0    0.0.0.0    192.168.1.0   255.255.255.0   UDP     8767       8767
| No demand-dial filters configured.
|
|
|
| Help
|
|
|
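
An added example, not part of the original posts and not RRAS code: a small Python model of how a filter row shaped like the one in the quoted netsh output is evaluated. It assumes that every field in a row must match, that port 0 means "any", and that a matching row gets the opposite of the default action; the sample packets, their addresses and the `ANY_SRC_PORT` variant are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_PORT = 0  # assumption: 0 stands for "any port" in this model


@dataclass(frozen=True)
class Filter:
    src_net: str
    dst_net: str
    proto: str
    src_port: int
    dst_port: int

    def matches(self, pkt: dict) -> bool:
        # Every field has to match; a single mismatch means the row does not apply.
        return (
            ip_address(pkt["src"]) in ip_network(self.src_net)
            and ip_address(pkt["dst"]) in ip_network(self.dst_net)
            and pkt["proto"] == self.proto
            and self.src_port in (ANY_PORT, pkt["sport"])
            and self.dst_port in (ANY_PORT, pkt["dport"])
        )


def evaluate(filters, pkt, default_action="FORWARD"):
    # Assumption: a packet that matches a row gets the opposite of the default action.
    hit = any(f.matches(pkt) for f in filters)
    if default_action == "FORWARD":
        return "DROP" if hit else "FORWARD"
    return "FORWARD" if hit else "DROP"


# The single INPUT row from the quoted netsh output.
POSTED = [Filter("0.0.0.0/0", "192.168.1.0/24", "UDP", 8767, 8767)]
# Hypothetical variant: the same row with the source port left as "any".
ANY_SRC_PORT = [Filter("0.0.0.0/0", "192.168.1.0/24", "UDP", ANY_PORT, 8767)]

# Constructed sample packets (addresses and ports are illustrative only).
PACKETS = {
    "both ports 8767": dict(src="198.51.100.7", dst="192.168.1.10", proto="UDP", sport=8767, dport=8767),
    "ephemeral source port": dict(src="198.51.100.7", dst="192.168.1.10", proto="UDP", sport=50321, dport=8767),
    "dst outside 192.168.1.0/24": dict(src="198.51.100.7", dst="203.0.113.10", proto="UDP", sport=8767, dport=8767),
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(f"{name:28} posted={evaluate(POSTED, pkt):8} any-src-port={evaluate(ANY_SRC_PORT, pkt)}")
```

Under these assumptions the posted row applies only to packets whose source port and destination port are both 8767 and whose destination address is inside 192.168.1.0/24; anything else falls through to the default action.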