Here is what I want to happen:
One server running IIS7 currently sitting on the domain.
I want it to be secured using IPsec so that port 80 and 443 are open to ALL machines unsecured but all other ports are secure.
I want specified client PCs to be able to communicate with the server via IPsec to access shares etc.
This is what I have:
One OU containing client machines with a standard Client IPsec policy installed (the built-in one).
One OU containing the server with the following options defined:
Web
Filter Name: Settings
Allow web access: Permit any source IP address to My IP address over TCP port 80; Permit any source IP address to My IP address over TCP port 443
Allow domain logins: Allow communication from specific IP address (the DC) to My IP address over ANY port to ANY port
All IP traffic: Require security from ANY IP address to My IP address over ALL ports
This is what I get:
Machine WITH IPsec policy installed:
    Can ping server
    Can access server shares
    Unable to access web site on port 80 or 443
Machine WITHOUT IPsec policy:
    Cannot ping server
    Cannot access shares
    Can see web site over ports 80 and 443
I can't figure out why I can't get web access over the IPsec connection???? Everything else is perfect!!!
Never mind, sorted it!
All I needed to do was add a filter to the Client IPsec side of things to allow data FROM the server over port 80/443 to client machines with a Permit action. All is now working perfectly.
Sounds so simple when I read it now
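The client-side fix described above, written as `netsh ipsec static` commands; this is an added example, not the poster's actual configuration. The server address 192.0.2.10, the object names, the built-in policy name "Client (Respond Only)" and the use of the local policy store (a policy delivered from the domain would need `netsh ipsec static set store location=domain` first) are assumptions.

```bat
@echo off
rem Added example: the address and all names below are assumptions, not values from the thread.
rem SERVER is a documentation-range placeholder for the IIS server's IP address.
set "SERVER=192.0.2.10"
set "POLICY=Client (Respond Only)"
set "FLIST=Web replies from server"

rem Filter list matching TCP from the server's ports 80 and 443 to this client (any client port).
rem mirrored=yes also matches the client's outgoing half of the same connection (a choice made here).
netsh ipsec static add filterlist name="%FLIST%" description="HTTP/HTTPS from web server"
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=%SERVER% dstaddr=Me protocol=TCP srcport=80 dstport=0 mirrored=yes
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=%SERVER% dstaddr=Me protocol=TCP srcport=443 dstport=0 mirrored=yes

rem Permit action: matching packets are passed without IPsec negotiation, i.e. in the clear.
netsh ipsec static add filteraction name="Permit web" action=permit

rem Attach the filter list and the Permit action to the client policy as a new rule.
netsh ipsec static add rule name="Permit web from server" policy="%POLICY%" filterlist="%FLIST%" filteraction="Permit web"

rem Review the resulting rules to confirm the web filters carry Permit and nothing else changed.
netsh ipsec static show policy name="%POLICY%" level=verbose
```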