
Configuring IPSec between Web Server and App server.


  • Configuring IPSec between Web Server and App server.

    I'm having issues getting IPSec configured between a Web Server on a Workgroup and App server on the Domain.

    I tested IPSec between the two servers using Certificates without port filtration, and they were able to communicate just fine.
    The web server will only communicate with the App server via web services over port 80 so now I'm trying to restrict traffic to port 80 on both servers and it is not working.

    This is what I have set up for IPSec:

    On the Web server I created an IPSec Policy and have two rules; one blocks everything coming from the App server and the other allows traffic from the App server over port 80.
    Source address: App IP (
    Destination Address: My IP Address
    Protocol: ANY
    Filter Action: Block

    Source address: App Ip (
    Destination Address: My IP Address
    Protocol: TCP
    From: Any Port
    To this port: 80
    Filter Action: Negotiate Security

    I have the same policy, rules, filters and Action on the App server but I replaced the IP with the Web server IP.

    The communication between servers occurs if I uncheck the rule MatchAllTrafficFromAppServer on each server but if I have both rules set up and I try to open a web page from the web server, I'm not able to.

    Ultimately what I want to do is to move the web server to the DMZ and have the App server on the LAN but I want to test everything on the LAN first.
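
Added example (not part of the original posts): a small Python model of the two rules as described above, evaluated for the web server's request to the App server on port 80 and for the reply. It assumes mirrored filters and that the most specific matching filter wins; the addresses and all names are constructed placeholders.

```python
from dataclasses import dataclass

# Constructed placeholder addresses; the post's real IPs are not shown.
WEB, APP = "192.0.2.10", "192.0.2.20"

@dataclass(frozen=True)
class Filter:
    src: str
    dst: str
    proto: str = "ANY"   # "ANY" or "TCP"
    sport: int = 0       # 0 means any port
    dport: int = 0
    action: str = "Block"

    def mirror(self):
        # Assumption: filters are mirrored, so the reverse direction also matches.
        return Filter(self.dst, self.src, self.proto, self.dport, self.sport, self.action)

    def matches(self, pkt):
        src, dst, proto, sport, dport = pkt
        return (self.src, self.dst) == (src, dst) and self.proto in ("ANY", proto) \
            and self.sport in (0, sport) and self.dport in (0, dport)

    def specificity(self):
        return (self.proto != "ANY") + (self.sport != 0) + (self.dport != 0)

def decide(filters, pkt):
    """Action of the most specific matching filter; 'Permit' if nothing matches."""
    hits = [f for g in filters for f in (g, g.mirror()) if f.matches(pkt)]
    return max(hits, key=Filter.specificity).action if hits else "Permit"

# Rules as described in the post (web server), and the same with IPs swapped (App server).
WEB_AS_POSTED = [Filter(APP, WEB), Filter(APP, WEB, "TCP", 0, 80, "Negotiate")]
APP_AS_POSTED = [Filter(WEB, APP), Filter(WEB, APP, "TCP", 0, 80, "Negotiate")]
# Hypothetical variant: on the web server, the port-80 filter points at the App server.
WEB_VARIANT = [Filter(APP, WEB), Filter(WEB, APP, "TCP", 0, 80, "Negotiate")]

REQUEST = (WEB, APP, "TCP", 50000, 80)   # web server calls the web service
REPLY = (APP, WEB, "TCP", 80, 50000)     # App server answers

if __name__ == "__main__":
    for name, policy in [("web as posted", WEB_AS_POSTED), ("app as posted", APP_AS_POSTED),
                         ("web variant", WEB_VARIANT)]:
        print(f"{name:14} request={decide(policy, REQUEST):9} reply={decide(policy, REPLY)}")
```

Under these assumptions, the port-80 filter as entered on the web server never matches the web server's own request to the App server, so that request falls through to the Block filter. With source and destination swapped in that one filter on the web server, both the request and the reply match Negotiate Security.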

  • #2
    Re: Configuring IPSec between Web Server and App server.

    Are the IPsec rules processed in order? (It's been 2+ years since I covered that training material, and I've never had to use it.)

    If so - you need your allow entry before your deny entry.