Announcement

Collapse
No announcement yet.

How to setup "Destination Port" range in "IP Security"

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How to setup "Destination Port" range in "IP Security"

    I setup Rule in "IP Security Policies" (from secpol.msc )
    With TCP protocol, I can setup for exact port, but I don't know how to setup rule for a range of ports, for example from port 21000 to port 21999
    Please help me, thanks

  • #2
    Re: How to setup "Destination Port" range in "IP Security"

    Here's link to instructions http://www.microsoft.com/technet/pro...o/ispstep.mspx

    Mod, may want to move to General Security.
    Regards,
    Jeremy

    Network Consultant/Engineer
    Baltimore - Washington area and beyond
    www.gma-cpa.com

    Comment


    • #3
      Re: How to setup "Destination Port" range in "IP Security"

      Originally posted by JeremyW View Post
      Mod, may want to move to General Security.
      Done!

      Michael
      Michael Armstrong
      www.m80arm.co.uk
      MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

      ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

      Comment


      • #4
        Re: How to setup "Destination Port" range in "IP Security"

        Thanks for answer, but may be we misunderstand
        My question is as pictures follow
        Attached Files

        Comment


        • #5
          Re: How to setup "Destination Port" range in "IP Security"

          Originally posted by thangnm View Post
          Thanks for answer, but may be we misunderstand
          My question is as pictures follow
          Have you actually looked at the picture you provided???

          Click on the radial button To this port

          Comment


          • #6
            Re: How to setup "Destination Port" range in "IP Security"

            Originally posted by wullieb1 View Post
            Have you actually looked at the picture you provided???

            Click on the radial button To this port
            Wullie, that's source and destination port, not range. I think he's trying to get firewall functionality out of IPSec policies... which I don't think is gonna happen.
            Last edited by wullieb1; 29th November 2006, 05:25.
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com

            Comment


            • #7
              Re: How to setup "Destination Port" range in "IP Security"

              Originally posted by JeremyW View Post
              Wullie, that's source and destination port, not range. I think he's trying to get firewall functionality out of IPSec policies... which I don't think is gonna happen.
              Sorry about the edit. Clicked the wrong button.

              I think i need to get back to reading the books. Can't rememebr the last time i even looked at ipsec

              Comment


              • #8
                Re: How to setup "Destination Port" range in "IP Security"

                Originally posted by wullieb1 View Post
                Sorry about the edit. Clicked the wrong button.
                I've done that a couple of times myself. No worries.
                Regards,
                Jeremy

                Network Consultant/Engineer
                Baltimore - Washington area and beyond
                www.gma-cpa.com

                Comment


                • #9
                  Re: How to setup "Destination Port" range in "IP Security"

                  So is it impossible with IPSec?

                  Comment


                  • #10
                    Re: How to setup "Destination Port" range in "IP Security"

                    I'll try and find some time to go through my books at home but it would helpful if I knew what you're trying to accomplish.
                    Regards,
                    Jeremy

                    Network Consultant/Engineer
                    Baltimore - Washington area and beyond
                    www.gma-cpa.com

                    Comment


                    • #11
                      Re: How to setup "Destination Port" range in "IP Security"

                      My purpose is that:
                      I make a program, my server connect to about 100 PCs with difference ports of each PC, from 1001 to 1100
                      For security, I setup IPSec Authenticate (use Preshare Key) for each connection, please see picture for more detail
                      So that why I want to setup for range of ports
                      Attached Files

                      Comment


                      • #12
                        Re: How to setup "Destination Port" range in "IP Security"

                        I'm afraid you'll need to setup a filter for each port if you want to trigger by port number.

                        Are you using IPSec in transport or tunnel mode?
                        Can you filter by some other attribute? (e.g. DNS name, source/dest IP address, source/dest subnet, etc)
                        Where are these computers located? (WAN, LAN, same subnet, different subnet...)
                        Regards,
                        Jeremy

                        Network Consultant/Engineer
                        Baltimore - Washington area and beyond
                        www.gma-cpa.com

                        Comment


                        • #13
                          Re: How to setup "Destination Port" range in "IP Security"

                          I'm using IPSec in transport, not in tunel
                          I use in WAN - different subnets, so it is difficult to filter by some other attributes like DNS, IP, subnet, ....

                          Comment


                          • #14
                            Re: How to setup "Destination Port" range in "IP Security"

                            Well if filtering by another means is impossible then you'll need to make those 100 entries to the filter list.

                            Remember that the connecting computer needs to have a compatible policy.
                            Regards,
                            Jeremy

                            Network Consultant/Engineer
                            Baltimore - Washington area and beyond
                            www.gma-cpa.com

                            Comment


                            • #15
                              Re: How to setup "Destination Port" range in "IP Security"

                              That means I have to to manualy port by port?

                              Comment

                              Working...
                              X