Need help with IPSec

19 Feb 2005 3:21 AM

GJ

Hello,

On my Windows 2000 Web server, I've assigned an IPSec policy I created, and
have run into DNS issues. The filter is configured to block all but the
following ports:

20 (TCP)
21 (TCP)
25 (TCP and UDP)
53 (TCP and UDP)
80 (TCP)
443 (TCP)
3389 (TCP)

I can access the web and ftp site fine, and can connect with Terminal Svcs,
but the server cannot send mail with the smtp service. An error is logged in
the event viewer about the server not being able to find the destination
domain, some kind of DNS error (don't have the exact error with me right
now, sorry). Also, I can't browse the web from the server either. I assume
this is a name resolution issue - do I need to open any other ports to
resolve this?

Thanks.

19 Feb 2005 3:42 AM

Steven L Umbach

If you want to web browse from the server you need to make sure that
outbound port 80 TCP is allowed and for internet dns name resolution port 53
UDP will need to be allowed for access to either your ISP dns server or the
root dns servers. Inbound ports to 53 would only be needed if you are
offering dns server on your web server to internet users. --- Steve

Show quote

"GJ" <gjew***@houston.rr.com> wrote in message
news:4hyRd.24854$Bx5.15562@fe1.texas.rr.com...
> Hello,
>
> On my Windows 2000 Web server, I've assigned an IPSec policy I created,
> and have run into DNS issues. The filter is configured to block all but
> the following ports:
>
> 20 (TCP)
> 21 (TCP)
> 25 (TCP and UDP)
> 53 (TCP and UDP)
> 80 (TCP)
> 443 (TCP)
> 3389 (TCP)
>
> I can access the web and ftp site fine, and can connect with Terminal
> Svcs, but the server cannot send mail with the smtp service. An error is
> logged in the event viewer about the server not being able to find the
> destination domain, some kind of DNS error (don't have the exact error
> with me right now, sorry). Also, I can't browse the web from the server
> either. I assume this is a name resolution issue - do I need to open any
> other ports to resolve this?
>
> Thanks.
>
>