IPSEC Policy behavior - Network


  1. IPSEC Policy behavior

    Hi,
    I've the following problem setting up an IPSEC policy.
    I want to use IPSEC policy to restrict traffic from a server.
    So I defined a policy with several rules.
    There are several "permit" rules which should permit the allowed traffic,
    then I create a "deny IP" policy to block all IP traffic.
    But as soon as I enable the "deny IP" rule the traffic doesn't flow as
    expected, rather it is blocked.

    Should it work as I expect?
    Thanks


  2. Re: IPSEC Policy behavior

    IPsec rules follow specificity. A generic "deny all" rule is the least
    specific, so it will be followed only if traffic doesn't match any other
    rule.

    Please reply with the following additional information:

    * The OS you're using, and the service pack level
    * Your rules


    --
    Steve Riley
    steve.riley@microsoft.com
    http://blogs.technet.com/steriley
    http://www.protectyourwindowsnetwork.com


    "Stefano Colombo" wrote in message
    news:A1DFF0F7-129B-4798-BC35-7093D176EC50@microsoft.com...
    > Hi,
    > I've the following problem setting up an IPSEC policy.
    > I want to use IPSEC policy to restrict traffic from a server.
    > So I defined a policy with several rules.
    > There are several "permit" rules which should permit the allowed traffic,
    > then I create a "deny IP" policy to block all IP traffic.
    > But as soon as I enable the "deny IP" rule the traffic doesn't flow as
    > expected, rather it is blocked.
    >
    > Should it work as I expect?
    > Thanks
    >


  3. RE: IPSEC Policy behavior

    On microsoft.com/ipsec there is a filter weight article that should help.

    "Stefano Colombo" wrote:

    > Hi,
    > I've the following problem setting up an IPSEC policy.
    > I want to use IPSEC policy to restrict traffic from a server.
    > So I defined a policy with several rules.
    > There are several "permit" rules which should permit the allowed traffic,
    > then I create a "deny IP" policy to block all IP traffic.
    > But as soon as I enable the "deny IP" rule the traffic doesn't flow as
    > expected, rather it is blocked.
    >
    > Should it work as I expect?
    > Thanks
    >
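
Added example (not part of the thread and not Microsoft's code): a simplified Python model of the specificity-ordered matching described in replies 2 and 3, showing that a packet reaches the generic "deny IP" filter only when no more specific permit filter matches it. The ranking in `specificity()`, the filter names and the addresses are assumptions constructed for illustration; the actual Windows weight computation is what the article mentioned in reply 3 covers.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Filter:
    name: str
    action: str                      # "permit" or "block"
    src: str = "0.0.0.0/0"           # default: any address
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None      # None means any
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def specificity(self):
        # Assumed ranking for this model: address prefix lengths first,
        # then whether a protocol is named, then how many ports are named.
        return (ip_network(self.src).prefixlen + ip_network(self.dst).prefixlen,
                self.proto is not None,
                (self.src_port is not None) + (self.dst_port is not None))

    def matches(self, p):
        return (ip_address(p["src"]) in ip_network(self.src)
                and ip_address(p["dst"]) in ip_network(self.dst)
                and self.proto in (None, p["proto"])
                and self.src_port in (None, p["sport"])
                and self.dst_port in (None, p["dport"]))

def decide(filters, pkt):
    """Action and name of the most specific filter that matches pkt."""
    for f in sorted(filters, key=Filter.specificity, reverse=True):
        if f.matches(pkt):
            return f.action, f.name
    return "permit", None            # no filter matched: policy does not apply

# Constructed policy for a server at 10.0.0.5 (sample values, not from the thread).
SERVER = "10.0.0.5/32"
BLOCK_ALL = Filter("deny-ip", "block")
HTTPS_IN = Filter("https-in", "permit", dst=SERVER, proto="tcp", dst_port=443)
HTTPS_OUT = Filter("https-reply", "permit", src=SERVER, proto="tcp", src_port=443)

def pkt(src, dst, proto, sport, dport):
    return {"src": src, "dst": dst, "proto": proto, "sport": sport, "dport": dport}

request = pkt("192.0.2.10", "10.0.0.5", "tcp", 50000, 443)
reply = pkt("10.0.0.5", "192.0.2.10", "tcp", 443, 50000)
dns = pkt("10.0.0.5", "192.0.2.53", "udp", 50001, 53)

if __name__ == "__main__":
    full = [BLOCK_ALL, HTTPS_IN, HTTPS_OUT]       # list order does not matter
    one_way = [BLOCK_ALL, HTTPS_IN]               # reply direction not permitted
    for label, p in (("request", request), ("reply", reply), ("dns", dns)):
        print(label, decide(full, p), decide(one_way, p))
```

In the `one_way` policy the reply packet is blocked: no permit filter describes that direction, so the packet falls through to "deny-ip", which is why the exact rules matter when diagnosing a case like the one in the question.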

