"Don Nguyen" wrote in message news:[EMAIL PROTECTED]...
> It's generally a good idea only to open ports that are necessary (e.g. 80 for
> http, 21 for ftp, etc.).  Opening up unnecessary ports and/or running
> unnecessary services just opens your server up to security vulnerabilities.
> In your case I don't really understand what you're trying to do.  For a web
> server using SSL you only have to allow inbound traffic to port 443, you
> don't need port 80 open unless it also serves up unencrypted pages.  If you
> want/need to use IPSEC you will need to allow inbound traffic on the UDP
> port 500 and allow IP protocols 50 and 51 (not ports 50 and 51).

Or generally just protocol 50.  Because after all, how many people really
use AH?  Even the standards bodies are thinking of dropping AH because it
really doesn't do very much - ESP can also do authentication, and while AH
also does authentication of parts of the packet header, is that really
worth the overhead of creating another 2 SAs?

>
> HTH,
>
> Don Nguyen




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42352&t=42333
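
The difference between IP protocol numbers and port numbers discussed in this thread, as an added example that is not part of either post: a small filter that applies the quoted policy (TCP 443, UDP 500, IP protocols 50 and 51) to raw IPv4 packets. The helper names, addresses and sample packets are constructed for illustration, and the policy assumes an SSL-only web server, so port 80 stays closed.

```python
import struct

# Policy from the thread: HTTPS, IKE on UDP 500, ESP (protocol 50), AH (protocol 51).
ALLOWED_PORTS = {(6, 443), (17, 500)}      # (IP protocol, destination port)
ALLOWED_PORTLESS = {50: "esp", 51: "ah"}   # IP protocols with no port field
L4_NAMES = {6: "tcp", 17: "udp"}

def build_ipv4(proto, payload, frag_off=0):
    """Build a minimal IPv4 packet (constructed sample data, checksum left 0)."""
    src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5])
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                       frag_off, 64, proto, 0, src, dst) + payload

def l4(sport, dport, length=8):
    """Start of a TCP or UDP header: source port, destination port, zero padding."""
    return struct.pack("!HH", sport, dport) + bytes(length - 4)

def verdict(packet):
    """Return (allowed, reason) for one inbound IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if len(packet) < 20 or packet[0] >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        return False, "malformed IPv4 header"
    proto = packet[9]                      # protocol field of the IP header, not a port
    if proto in ALLOWED_PORTLESS:
        return True, ALLOWED_PORTLESS[proto]
    if proto not in L4_NAMES:
        return False, f"protocol {proto} not allowed"
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return False, "non-first fragment carries no port"
    if len(packet) < ihl + 4:
        return False, "truncated transport header"
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    label = f"{L4_NAMES[proto]}/{dport}"
    if (proto, dport) in ALLOWED_PORTS:
        return True, label
    return False, label + " not allowed"

SAMPLES = {                                # constructed packets
    "https": build_ipv4(6, l4(40000, 443, 20)),
    "ike": build_ipv4(17, l4(500, 500)),
    "esp": build_ipv4(50, struct.pack("!II", 0x1000, 1) + bytes(16)),
    "udp_to_port_50": build_ipv4(17, l4(40000, 50)),
    "http": build_ipv4(6, l4(40000, 80, 20)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:15} {verdict(pkt)}")
```

The `udp_to_port_50` sample is denied while the `esp` sample is allowed: a rule written for UDP or TCP port 50 never matches ESP, which is identified by the protocol byte of the IP header and has no port at all.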