Solved

IPSEC Firewall windows 2000

Posted on 2004-08-21
2
360 Views
Last Modified: 2013-12-04
I created an ipsec firewall on windows 2000.  Is there a way for me to export that so I can put it on multiple machines?

Thanks!

Randy
0
Comment
Question by:rjohnsonjr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 11860763
Yes... but a word of caution... the IPSEC firewall is eaily by-passed if you bind your source port to port 88 or 500
This is by design... and not a flaw (recently M$ has intorduced ways that prevent this now, sp4 and sp2 for XP)
http://support.microsoft.com/default.aspx?scid=811832 
So someone with  port scanner like Nmap can scan your box by using the following
nmap -sS -g 88 -P0 ip.ip.ip.ip -vv
They would see all the ports that were open, can could use any number of ways to bind their src port to 88,500,46 and get past the firewall.

To export your IPSEC rules, open Secpol.msc (go to the Run line, them type  "secpol.msc" press eter)
-->Highlight<-- "IP Security Policies for Local..." and then go to Action, and you'll see Export List, this will open a window for you to save the list (all policies) and you can specify how they will be saved, Tab Delimited, or Comma... if you want to save just one or two of the rules, you'll have to delete the ones you don't want... I export all, then delete what I do not want- that way there is a backup of the defaults, and the others.
-rich
0
 
LVL 6

Author Comment

by:rjohnsonjr
ID: 11885187
Thanks for your help!  I will definately following with that article :-)


-Randy
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question