IPSec firewall

Jorge Atton Mayorga

Hello, I want to make a firewall using IPSec policies. I can
close all ICMP and IP traffic, but when I try to navigate
the web I can't. I tried to open port 80 but it doesn't work.
 
I much prefer a firewall over IPSec filtering, but having said that, make sure you are
also allowing DNS resolution, which will require port 53 UDP/TCP outbound access. I
generally start with a block all IP mirrored rule and then configure a mirrored
permit rule for all IP for the local subnet. Then I create a mirrored outbound rule
for allowed ports with source my address and destination any address. Then I add
filters in the rule for port 80 TCP, 443 TCP, and 53 TCP/UDP for DNS. That should
give you basic internet access.

--- Steve

http://www.securityfocus.com/infocus/1559 -- tutorial on ipsec filtering
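
The rule set described in the reply above, written as a `netsh ipsec static` script. This is an added example, not part of the original thread; it assumes a Windows version that provides `netsh ipsec static`, and the policy, filter list and filter action names and the 192.168.1.0/255.255.255.0 local subnet are placeholders to replace with your own.

```bat
@echo off
rem Added example: all names and the LAN subnet below are assumed placeholders.
setlocal
set POL=Basic-Web-Only
set LAN=192.168.1.0
set LANMASK=255.255.255.0

rem 1. Create the policy unassigned so nothing takes effect half-built.
netsh ipsec static add policy name="%POL%" description="Block all, permit LAN, web, DNS" assign=no

rem 2. Two filter actions: one blocks, one permits (no IPsec negotiation).
netsh ipsec static add filteraction name="fa-block" action=block
netsh ipsec static add filteraction name="fa-permit" action=permit

rem 3. Block all IP, mirrored (this also covers ICMP).
netsh ipsec static add filterlist name="fl-all-ip"
netsh ipsec static add filter filterlist="fl-all-ip" srcaddr=me dstaddr=any protocol=any mirrored=yes

rem 4. Permit all IP between this host and the local subnet, mirrored.
netsh ipsec static add filterlist name="fl-lan"
netsh ipsec static add filter filterlist="fl-lan" srcaddr=me dstaddr=%LAN% dstmask=%LANMASK% protocol=any mirrored=yes

rem 5. Outbound allowed ports: source = my address, destination = any address.
rem    srcport=0 means any source port. Port 53 is the piece missing when
rem    only port 80 is opened: names cannot resolve, so browsing fails.
netsh ipsec static add filterlist name="fl-out"
netsh ipsec static add filter filterlist="fl-out" srcaddr=me dstaddr=any protocol=TCP srcport=0 dstport=80 mirrored=yes
netsh ipsec static add filter filterlist="fl-out" srcaddr=me dstaddr=any protocol=TCP srcport=0 dstport=443 mirrored=yes
netsh ipsec static add filter filterlist="fl-out" srcaddr=me dstaddr=any protocol=TCP srcport=0 dstport=53 mirrored=yes
netsh ipsec static add filter filterlist="fl-out" srcaddr=me dstaddr=any protocol=UDP srcport=0 dstport=53 mirrored=yes

rem 6. Bind each filter list to its action. Rule order does not matter:
rem    the most specific matching filter wins over the general block.
netsh ipsec static add rule name="r-block-all" policy="%POL%" filterlist="fl-all-ip" filteraction="fa-block"
netsh ipsec static add rule name="r-permit-lan" policy="%POL%" filterlist="fl-lan" filteraction="fa-permit"
netsh ipsec static add rule name="r-permit-out" policy="%POL%" filterlist="fl-out" filteraction="fa-permit"

rem 7. Assign the policy, then review what was built.
netsh ipsec static set policy name="%POL%" assign=yes
netsh ipsec static show policy name="%POL%" level=verbose
endlocal
```

These filters are static rather than stateful, so the mirrored half of each permit matches return traffic on source port alone. Run the script from a local console rather than a remote session, since the block-all rule applies as soon as the policy is assigned.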
 