Need IPsec help


I have a Windows domain network with a Server 2008 DC and a Server 2003 web server. The web server is domain bound so that users can have share access to deposit files onto the FTP sites from the internal network. I am trying to get the web server installed in the DMZ on our WatchGuard firewall. WatchGuard support has told me to set up IPsec to allow a secure connection between the web server and the domain controller, so that I have fewer ports open for share access between the trusted and optional (DMZ) sides of the firewall. I am having a difficult time trying to figure out how to set up the IPsec connection. I have read a lot of MS's stuff (amongst other references on the net), am confused, and have had little luck getting IPsec configured correctly. Here are the details:

The trusted network has the domain controller located at 10.10.10.40 (static). The DMZ has the web server at 192.168.1.2 (static). The firewall has IPsec filters set to allow IPsec traffic in both directions. It has an SMB filter to allow share access from trusted to the DMZ, and an RDP policy for remote access for testing and setup (I will disable RDP once it is working). I can ping the web server from trusted, but cannot access shares (I get a "DC not able to authenticate" error). I can RDP to the server and log on as local admin, but it fails when using a domain account ("no logon servers available to service the request"). If I move the web server onto trusted, I can access shares and RDP without trouble. I have tried to configure the IPsec filters several times in several ways, with the web server both in trusted and in the DMZ. No luck on getting IPsec to work correctly. Can anyone give me an idea of the policy/filter setup to make this work? Obviously, the web server will still need to communicate unsecurely with external clients. I want to secure the communication with the DC for share authentication on the trusted network.

I think this is a pretty common setup. Maybe I am wrong. Any help is appreciated.

Russell,

It appears you have configured the firewall to pass IPsec and SMB traffic, but you must also allow the ports for Active Directory traffic in order to use those services. How to configure the firewall to permit that traffic is discussed at: http://support.microsoft.com/kb/179442. You should configure the firewall to allow the traffic to/from the trusted addresses, of course.

I hope this helps.

Dave
Dave Bishop
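As an added example (not code from the thread), a small reachability check for the TCP ports a domain member in the DMZ has to reach on its DC before domain logon and share authentication can work. The port list is my own assumption from general knowledge of the KB article Dave cites, so confirm it against that article; the `probe` parameter exists only so the logic can be exercised offline, and the addresses are the ones from the question.

```python
import socket
from typing import Callable, Dict, List, Tuple

# Well-known TCP ports a domain member needs on its DC (assumed list, based on
# the generally known contents of KB 179442; verify against the article).
# RPC-based services also use a dynamic high port range that is not probed here.
AD_TCP_PORTS: Dict[int, str] = {
    53: "DNS",
    88: "Kerberos",
    135: "RPC endpoint mapper",
    389: "LDAP",
    445: "SMB / Netlogon",
    464: "Kerberos password change",
    636: "LDAPS",
    3268: "Global Catalog LDAP",
}


def tcp_reachable(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_dc_ports(dc_ip: str,
                   probe: Callable[..., bool] = tcp_reachable,
                   ports: Dict[int, str] = AD_TCP_PORTS) -> Dict[int, Tuple[str, bool]]:
    """Probe every listed port on the DC; map port -> (service name, reachable)."""
    return {port: (name, probe(dc_ip, port)) for port, name in ports.items()}


def missing_services(results: Dict[int, Tuple[str, bool]]) -> List[str]:
    """Names of services whose port did not answer, in ascending port order.
    A failed Kerberos/LDAP/DNS probe matches the 'no logon servers available'
    symptom; a failed SMB probe matches the share-access failure."""
    return [name for port, (name, ok) in sorted(results.items()) if not ok]


if __name__ == "__main__":
    # Run this on the DMZ web server (192.168.1.2) against the DC from the post.
    dc = "10.10.10.40"
    res = check_dc_ports(dc)
    for port, (name, ok) in sorted(res.items()):
        print(f"{dc}:{port:<5} {name:<26} {'open' if ok else 'BLOCKED'}")
    print("blocked services:", ", ".join(missing_services(res)) or "none")
```

Ports that show as BLOCKED are the ones the firewall policy between the DMZ and trusted networks still has to permit for the DC address only.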

