IPSec Filter Question

Discussion in 'Server Networking' started by Chupacabra, Jul 21, 2006.

  1. Chupacabra

    Chupacabra Guest

    I'm working on a server with 2 NICs and trying to implement a fairly simple
    IPSec filter.

    Nic1 faces the network (
    Nic2 faces a private customer network ( with 2
    client PCs with and .51 addresses.

    I have created two filters. The first blocks any traffic from a subnet
    ( to another subnet ( This
    filter works beautifully; I cannot reach anything on the 172.16.x.x network
    from the 172.17.88.x subnet PCs.

    The second filter PERMITS any traffic from the subnet to a
    specific IP address of

    As the second filter is more specific, I would have expected traffic to be
    able to pass to because this filter will be encountered first.
    However, I cannot get to no matter what I do from any client
    PCs on the 172.17.88.x subnet.

    However, if I change the second filter to PERMIT traffic from the subnet to the subnet, I can get to from the
    172.17.88.x subnet client PCs just fine.

    I just can't figure out why using the more specific filter (PERMIT to only doesn't work, yet a less-specific PERMIT filter (to does work?

    I have enabled IPSec event logging, and I am getting nothing there in regard
    to these packets being dropped. I have enabled Performance Monitor, and I
    see the count of Datagrams Received Discarded go up every time I try to
    access the server at

    Thanks for any ideas or help on this, it's driving me nuts!
    Chupacabra, Jul 21, 2006

  2. Chupacabra

    Chupacabra Guest

    Good idea, but it didn't work. I just tried adding that filter with a
    Permit, but I still cannot access from any of my workstations
    on the 172.17.88.x subnet.
    Chupacabra, Jul 24, 2006