David Gardiner
I've created an IPsec policy to only permit certain ports to be accessible on a Win2003 Server (actually a 2-node a/p cluster running SQL Server).
I'm trying to open up UDP port 161, which (I'm pretty sure) is what SNMP uses so that some monitoring software on another machine can connect to the SNMP service and retrieve status info.
This is the extract from the netsh script I use:
add filterlist name="SNMP"
add filter filterlist="SNMP" srcaddr=monitorserver dstaddr=Me protocol=UDP srcport=0 dstport=161 mirrored=yes description="jupiter<->Me UDP src Any, dst 161, Nagios uses SNMP to monitor SQL"
add rule name="SNMP" policy="Domain Member SQL Server" filterlist="SNMP" filteraction="PERMIT"
Trouble is, it seems to work for a minute or two, then IPsec starts blocking the packets - I've enabled the diagnostic logging, and there they are in the system event log.
I've experimented with adding the cluster IP as well as the node IP, but neither seems to make much difference.
Is there anything special about IPsec filtering and UDP that I should know about?
-dave
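To make the filter semantics in the script above concrete, here is an added example (not code from the original post) that parses an `add filter` line in the netsh syntax shown, expands `mirrored=yes` into the two one-way filters IPsec installs, and checks which UDP 5-tuples the resulting filter list matches. It assumes that `Me` stands for every address configured on the node, so for a cluster the node IP and the virtual cluster IP are both listed; the IP addresses and the symbolic-name mapping are constructed sample values, not taken from the post.

```python
"""Simulate Windows netsh IPsec static filter matching for UDP (added example).

Parses 'add filter' lines in the syntax shown in the post, expands
mirrored=yes into the two one-way filters IPsec actually installs, and
reports whether a filter list matches a given packet. Addresses and the
name-to-IP mapping are constructed assumptions, not from the original post.
"""
import shlex
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


@dataclass(frozen=True)
class Filter:
    srcaddr: str
    dstaddr: str
    proto: str      # "ANY" or a protocol name such as "UDP"
    srcport: int    # 0 = any port, as in netsh
    dstport: int    # 0 = any port, as in netsh


def parse_add_filter(line: str) -> dict:
    """Parse one 'add filter key=value ...' line into a dict of its key/value pairs.

    shlex keeps quoted values (such as the description) as one token.
    """
    tokens = shlex.split(line)
    if tokens[:2] != ["add", "filter"]:
        raise ValueError("not an 'add filter' line: %r" % line)
    kv = {}
    for tok in tokens[2:]:
        key, _, value = tok.partition("=")
        kv[key.lower()] = value
    return kv


def expand(kv: dict, names: dict) -> list:
    """Turn one parsed filter into the concrete one-way filters it installs.

    names maps symbolic addresses (Me, monitorserver) to sets of IPs; an
    address not in the mapping is used literally. mirrored=yes (the netsh
    default) adds the reverse filter with source/destination swapped.
    """
    srcs = names.get(kv["srcaddr"], {kv["srcaddr"]})
    dsts = names.get(kv["dstaddr"], {kv["dstaddr"]})
    proto = kv.get("protocol", "ANY").upper()
    sport, dport = int(kv.get("srcport", 0)), int(kv.get("dstport", 0))
    mirrored = kv.get("mirrored", "yes").lower() == "yes"
    filters = []
    for s in srcs:
        for d in dsts:
            filters.append(Filter(s, d, proto, sport, dport))
            if mirrored:
                filters.append(Filter(d, s, proto, dport, sport))
    return filters


def matches(f: Filter, p: Packet) -> bool:
    """One-way filter match: exact addresses, protocol, and ports with 0 as wildcard."""
    return (f.srcaddr == p.src and f.dstaddr == p.dst
            and f.proto in ("ANY", p.proto.upper())
            and f.srcport in (0, p.sport)
            and f.dstport in (0, p.dport))


def permitted(filters: list, p: Packet) -> bool:
    """True if any filter in the list matches the packet."""
    return any(matches(f, p) for f in filters)


# The filter line from the post, with a shortened description.
NETSH_LINE = ('add filter filterlist="SNMP" srcaddr=monitorserver dstaddr=Me '
              'protocol=UDP srcport=0 dstport=161 mirrored=yes '
              'description="jupiter<->Me UDP src Any, dst 161"')

# Constructed sample addresses (assumption): one monitoring host, and two
# local addresses for "Me" so the node IP and the cluster IP are both covered.
NAMES = {
    "monitorserver": {"192.0.2.10"},
    "Me": {"198.51.100.21", "198.51.100.30"},
}


def demo() -> dict:
    """Check the SNMP request, its reply, and an unrelated trap against the list."""
    filters = expand(parse_add_filter(NETSH_LINE), NAMES)
    request = Packet("192.0.2.10", "198.51.100.30", "UDP", 51234, 161)   # poll to cluster IP
    reply = Packet("198.51.100.30", "192.0.2.10", "UDP", 161, 51234)     # agent's response
    trap = Packet("198.51.100.21", "192.0.2.10", "UDP", 40000, 162)      # trap to port 162
    return {
        "filters": len(filters),
        "request": permitted(filters, request),
        "reply": permitted(filters, reply),
        "trap": permitted(filters, trap),
    }


if __name__ == "__main__":
    print(demo())
```

The point the run makes: with `srcport=0 dstport=161 mirrored=yes`, both the inbound poll and the outbound response from port 161 to the poller's ephemeral port match, so the filter itself is not what drops SNMP replies; a trap to port 162 does not match and would need its own filter. The model only covers static filter semantics, so it cannot explain traffic that is permitted at first and blocked later; for that the blocked-packet entries in the event log have to be compared against the filter list actually in force.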