Posted by Steven L Umbach on January 4, 2006, 4:48 pm
I have not tried it myself, but you might be able to make it work. Configure
your IPsec policy filters so that instead of using "my IP address" you use
the actual IP address of the network adapter. You can specify
ports/protocols in the filters. The link below may help. --- Steve
http://www.microsoft.com/technet/security/topics/architectureanddesign/ipsec/ipsecapa.mspx
> setup:
>
> LAN 1: (10.10.10.0/255.255.255.0)
> Gateway: 10.10.10.254/255.255.255.0
> server1 (win2003SP1):
> NIC1.1: 10.10.10.1/255.255.255.0
> NIC1.2: 99.99.99.91 (MPLS address)
>
> LAN 2: (10.10.20.0/255.255.255.0)
> Gateway: 10.10.20.254/255.255.255.0
> server2(win2003SP1):
> NIC2.1: 10.10.20.1/255.255.255.0
> NIC2.2: 99.99.99.92 (MPLS address)
>
> LAN1 is connected to LAN2 through a LAN-2-LAN VPN tunnel (CISCO PIX)
> throughput 10MBit
>
> Server1-NIC1.2 is connected to server2-NIC2.2 through a 1GBit MPLS Network
>
> Is it possible to shield off NIC1.2 and NIC2.2 so the only traffic allowed on
> the NICs is incoming/outgoing IPSec tunnels between the 2 servers, and when
> the tunnel is established only traffic on a few ports is allowed.
>
> Any hints?
>
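
An added example, not part of the original post: one way to express the suggestion above with `netsh ipsec static` on server1, using the adapter's literal address instead of "my IP address". It assumes IPsec transport mode between the two MPLS addresses; the policy, filter list and filter action names, TCP port 1433 and the pre-shared key are placeholders, and server2 needs the same policy with the two 99.99.99.x addresses swapped.

```bat
@echo off
rem Added example for server1 (NIC1.2 = 99.99.99.91, peer NIC2.2 = 99.99.99.92).
rem All names, port 1433 and the pre-shared key are placeholders, not from the post.

set LOCAL=99.99.99.91
set PEER=99.99.99.92
set POLICY=MPLS-NIC-Lockdown

rem 1. Create the policy unassigned so nothing is enforced until all rules exist.
netsh ipsec static add policy name="%POLICY%" description="Lock down MPLS NIC" assign=no

rem 2. Filter list matching ALL traffic to or from the MPLS adapter's address.
rem    The literal address (not "Me") keeps the LAN NIC 10.10.10.1 out of scope.
netsh ipsec static add filterlist name="MPLS-All"
netsh ipsec static add filter filterlist="MPLS-All" srcaddr=%LOCAL% dstaddr=any protocol=any mirrored=yes description="Everything on the MPLS NIC"

rem 3. Filter list for the one permitted service between the two servers.
rem    mirrored=yes also matches the return traffic. Add one filter per allowed
rem    port, and a reversed filter if server1 hosts the service as well.
netsh ipsec static add filterlist name="MPLS-Peer-Service"
netsh ipsec static add filter filterlist="MPLS-Peer-Service" srcaddr=%LOCAL% dstaddr=%PEER% protocol=TCP srcport=0 dstport=1433 mirrored=yes description="server1 to server2 tcp/1433"

rem 4. Filter actions: drop, or require ESP with no fallback to clear text
rem    (inpass=no rejects unsecured inbound, soft=no forbids unsecured fallback).
netsh ipsec static add filteraction name="MPLS-Block" action=block
netsh ipsec static add filteraction name="MPLS-Require-ESP" action=negotiate inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]"

rem 5. Rules. The most specific filter wins, so the peer/port filter overrides
rem    the block-all filter. IKE (UDP 500) is exempt by default on Windows
rem    Server 2003, so the block rule does not stop the negotiation itself.
netsh ipsec static add rule name="Block all on MPLS NIC" policy="%POLICY%" filterlist="MPLS-All" filteraction="MPLS-Block"
netsh ipsec static add rule name="ESP to peer" policy="%POLICY%" filterlist="MPLS-Peer-Service" filteraction="MPLS-Require-ESP" kerberos=no psk="REPLACE-WITH-LONG-RANDOM-SECRET"

rem 6. Review the result, then assign the policy.
netsh ipsec static show policy name="%POLICY%" level=verbose
netsh ipsec static set policy name="%POLICY%" assign=y
```

Apply it from the console or over the LAN address rather than over the MPLS link, since assigning the policy drops every flow on 99.99.99.91 that the peer filter does not cover.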