Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Setup IPSEC policy to deny all and allow necessary ports

Status
Not open for further replies.
netmechs

netmechs

Technical User
Apr 22, 2003
3
0
0
US
I have a machine that runs webserver on internal ip address of 10.10.10.10 and I have added an addtional ip to the network adapter card of 10.10.10.122 for my ftp server.

I'm using tcp/ip filtering
tcp ports 20,21,22,80,443
udp 161,162
ip 6,8

Evrything works fine but when I apply my ipsec filters, I cannot access the FTP server .... below is my config

ipsecpol -x -w REG -p "YO" -r "BlockAll" -n BLOCK -f 0=*::*
ipsecpol -x -w REG -p "YO" -r "AllowICMP" -n PASS -f 0::=*:*:ICMP
ipsecpol -x -w REG -p "YO" -r "AllowFTP-in" -n PASS -f 0:20+*::TCP
ipsecpol -x -w REG -p "YO" -r "AllowFTPData-out" -n PASS -f 0:=*:20:TCP
ipsecpol -x -w REG -p "YO" -r "AllowFTP-in" -n PASS -f 0:21+*::TCP
ipsecpol -x -w REG -p "YO" -r "AllowFTP-out" -n PASS -f 0:=*:21:TCP

ipsecpol -x -w REG -p "YO" -r "AllowSSH-in" -n PASS -f 0:22+*::TCP

ipsecpol -x -w REG -p "YO" -r "AllowSMTP-in" -n PASS -f 0:25+*::TCP
ipsecpol -x -w REG -p "YO" -r "AllowSMTP-out" -n PASS -f 0:=*:25:TCP

ipsecpol -x -w REG -p "YO" -r "AllowDNS_TCP-in" -n PASS -f 0:53+*::TCP
ipsecpol -x -w REG -p "YO" -r "AllowDNS_TCP-out" -n PASS -f 0:=*:53:TCP

ipsecpol -x -w REG -p "YO" -r "AllowDNS-in" -n PASS -f 0:53+*::UDP
ipsecpol -x -w REG -p "YO" -r "AllowDNS-out" -n PASS -f 0:=*:53:UDP

ipsecpol -x -w REG -p "YO" -r "AllowHTTP-in" -n PASS -f 0:80+*::TCP
ipsecpol -x -w REG -p "YO" -r "AllowHTTP-out" -n PASS -f 0:=*:80:TCP

ipsecpol -x -w REG -p "YO" -r "AllowSNMP-in" -n PASS -f 0:161+*::UDP
ipsecpol -x -w REG -p "YO" -r "AllowSNMP-out" -n PASS -f 0:=*:161:UDP
ipsecpol -x -w REG -p "YO" -r "AllowSNMPTrap-in" -n PASS -f 0:162+*::UDP
ipsecpol -x -w REG -p "YO" -r "AllowSNMPTrap-out" -n PASS -f 0:=*:162:UDP

ipsecpol -x -w REG -p "YO" -r "AllowHTTPS-in" -n PASS -f 0:443+*::TCP
ipsecpol -x -w REG -p "YO" -r "AllowHTTPS-out" -n PASS -f 0:=*:443:TCP

ipsecpol -x -w REG -p "YO" -r "AllowSysLog-in" -n PASS -f 0:514+*::UDP
ipsecpol -x -w REG -p "YO" -r "AllowSysLog-out" -n PASS -f 0:=*:514:UDP

ipsecpol -x -w REG -p "YO" -r "AllowRDP-in" -n PASS -f 0:4701+*::TCP

ipsecpol -x -w REG -p "YO" -r "AllowNetBackup-in" -n PASS -f 0:13700+*::TCP
ipsecpol -x -w REG -p "YO" -r "AllowNetBackup-in" -n PASS -f 0:13782+*::TCP

 
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
89
DTGMI
DTGMI
microsGuy16
  • Locked
  • Question
Can not copy files to Mapped drive
Replies
0
Views
106
microsGuy16
microsGuy16
bechna
  • Locked
  • Question
Windows Server and VPN Setup
Replies
1
Views
62
DrB0b
DrB0b
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
51
penguinroundup
penguinroundup
tscstl
  • Locked
  • Question
access to local folder
Replies
1
Views
73
hairlessupportmonkey
hairlessupportmonkey

Part and Inventory Search

Sponsor

Back
Top