Posted by Roger Abell [MVP] on November 7, 2006, 1:04 am
Just to clarify a little . . .
IPsec in tunnel mode (as Karl indicated as available with Cisco, etc.)
is one way to use IPsec. The other, transport mode between two end
systems, does not require configuring a router to be involved in order
to allow it to pass the packets between the two end systems.
Roger
> Thanks guys:
>
> I am just posing a theoretical question.
>
> I am learning IPsec (I thought you MS guys did "IPSec") and I know it
> requires a SID in Group Policy to set it up. A SID for the Domain.
> So...the question crossed my mind, how does it trust a router that doesn't
> join AD? I want packets coming from the router/firewall allowed.
>
> I am supposing you have to make an exception in the firewall then.
>
> That's all. (Just discussing it helps... like what Roger said below.)
>
> thanks!
>
>>I think you need to clarify what you are attempting/asking.
>>
>> The IPsec Bypass flag only has effect in allowing an incoming
>> packet that is received within IPsec authentication to bypass the
>> Windows Firewall. That is, if an IPsec security association had
>> been set up, then packets received within that SA are allowed to
>> not also have to meet the definitions in the Windows Firewall.
>>
>> I can see no way that this has anything to do with routers.
>>
>>
>>> So if I get IPSec bypass running on my internal network, how do I handle
>>> a router that is attached to the Internet?
>>>
>>> A 3rd party router won't be joined to AD. ----Now this is without ISA.
>>>
>>> Do I make Exceptions for it? (WF is up.) Or is there another or
>>> preferred way? Are there routers that can join AD?
>>>
>>> Thanks
>>>
>>
>