1833873 Members
2081 Online
110063 Solutions
New Discussion

Re: IPsec question

 
gonzangus
Advisor

IPsec question

Can IPsec in windows server 2003 be used for filtering the traffic from one internal net to the Internet???
2 REPLIES 2
Igor Karasik
Honored Contributor

Re: IPsec question

Gonzangus,
I think IPSec can be used in addition to a firewall, but not as firewall replacement.
IPSec filtering lacks logging and
alerting, NAT feature, statefull inspection, any protection against IP spoofing and other things which any basic firewall have.
If you connect your internal network to Internet you will need some type of content security solution (TrendMicro,Esafe,etc) as well (in addition to firewall).
See this link as well
http://securityadmin.info/faq6.asp#firewall

I think also that I misunderstand you previous question (with Subject: "Security question") - windows 2003 built-in firewall can only protect windows 2003 server itself but not entire network - you need ISA or other firewalls for it.

Ivan Ferreira
Honored Contributor

Re: IPsec question

IPsec is used to secure the communication between the client and the server. Is not used for packet filtering. You could in fact, assign a policy that rejects insecure communications on the client, but the performance costs of ipsec is too high to enable it if you don't really need it.

You should use an ISA server or another firewall solution for this purpose.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?