The second filter is a "BLOCK all traffic" filter so it is intended to block
all your traffic. The first filter is the filter that is exempted from the
block so that all traffic matching the first filter will be permitted to go
to the server. So configure your first filter (or multiple filters in the
filter list) to specify all traffic that you want to go to the server. We
recommend using the most restrictive filters (down to the protocol and
port). The Help system that came with Windows Server 2003 can walk you
through creating IPSec policy.
--
Mark Swift
--------
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples is subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Assaf Sheep" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "Joseph Davies [MSFT]" <(E-Mail Removed)> wrote in message
> news:<(E-Mail Removed)>...
>> To do what you need, you need to create a local IPSec policy on the
>> server computer with two rules:
>>
>> 1. Filter action: Permit, Filter List: List of filters for allowed
>> traffic, each filter is the source IP address of a client with
>> destination TCP port 3389, mirrored
>> 2. Filter action: Block, Filter List: Create a filter list for all
>> traffic, mirrored
>>
>> You cannot control access based on MAC addresses using IPSec, which
>> relies on Internet layer and above protocols to define traffic.
>>
>> There is no other capability of Windows Server 2003 that allows you to do
>> MAC-level address filtering.
>>
>
> Hello,
>
> I also have the same problem. What do I need to configure in the
> second filter (source and destination), because with the default
> configuration all the traffic to the server is blocked!
>
> I'll appreciate any help.
>
> Assaf
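
The two-rule policy described in this thread, written as `netsh ipsec static` commands for Windows Server 2003. This is an added example and not part of any poster's message; the policy, filter list, filter action and rule names and the client address 192.0.2.10 are constructed placeholders.

```bat
rem Added example: permit RDP from one client, block everything else.
rem All names and the address 192.0.2.10 are placeholders (assumptions).

rem Create the policy unassigned so nothing is enforced until it is complete.
netsh ipsec static add policy name="RDP-Lockdown" description="Permit RDP from listed clients, block the rest" assign=no

rem Filter list 1: the exempted traffic. One filter per allowed client,
rem restricted down to protocol and port (TCP 3389), mirrored.
netsh ipsec static add filterlist name="Allowed-RDP-Clients"
netsh ipsec static add filter filterlist="Allowed-RDP-Clients" srcaddr=192.0.2.10 dstaddr=me protocol=TCP srcport=0 dstport=3389 mirrored=yes description="RDP from admin workstation"

rem Filter list 2: all traffic to and from this server, mirrored.
netsh ipsec static add filterlist name="All-Traffic"
netsh ipsec static add filter filterlist="All-Traffic" srcaddr=any dstaddr=me protocol=ANY mirrored=yes description="Everything else"

rem Filter actions for the two rules.
netsh ipsec static add filteraction name="Permit" action=permit
netsh ipsec static add filteraction name="Block" action=block

rem Rule 1: Permit the allowed list. Rule 2: Block the all-traffic list.
rem The more specific permit filter takes precedence over the general block filter.
netsh ipsec static add rule name="Permit-RDP" policy="RDP-Lockdown" filterlist="Allowed-RDP-Clients" filteraction="Permit"
netsh ipsec static add rule name="Block-All" policy="RDP-Lockdown" filterlist="All-Traffic" filteraction="Block"

rem Assign last, from the local console rather than over RDP: a wrong
rem client address in filter list 1 would cut off the remote session.
netsh ipsec static set policy name="RDP-Lockdown" assign=y
```

If all traffic is blocked after assignment, the permit filter list is the place to look: it has to contain a filter for every client and port that should still reach the server.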