I disagree.  IPSec CAN work with NAT, it just takes some work, and the
right equipment.  Several routers, VPN switches, and the like offer
automatic NAT traversal discovery.  Basically, if NAT is detected, the
IPsec traffic is encapsulated within UDP using a predetermined destination
port.
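
An added example, not part of the original message: a sketch of the detection and encapsulation steps described above. It assumes the form later standardized in RFC 3947/3948 (NAT-D hashes, UDP port 4500); the equipment discussed in this thread may have used an earlier draft, and all addresses, cookies and function names are constructed for illustration.

```python
import hashlib
import ipaddress
import struct

NATT_PORT = 4500  # assumption: RFC 3948 port; the mail only says "predetermined"

def nat_d_hash(cky_i, cky_r, ip, port, algo="sha1"):
    """RFC 3947 NAT-D value: HASH(CKY-I | CKY-R | IP | Port)."""
    addr = ipaddress.ip_address(ip).packed
    return hashlib.new(algo, cky_i + cky_r + addr + struct.pack("!H", port)).digest()

def peer_behind_nat(cky_i, cky_r, sent_src_hashes, seen_ip, seen_port):
    """NAT is detected when the source address seen on the wire hashes to
    none of the values the sender computed over its own address(es)."""
    return nat_d_hash(cky_i, cky_r, seen_ip, seen_port) not in sent_src_hashes

def udp_encap_esp(esp_packet, src_port=NATT_PORT, dst_port=NATT_PORT):
    """Prefix an ESP packet with an 8-byte UDP header (checksum left at 0)."""
    if len(esp_packet) < 8:
        raise ValueError("ESP header needs at least SPI and sequence number")
    if esp_packet[:4] == b"\x00" * 4:
        raise ValueError("SPI 0 would be read as the non-ESP marker")
    header = struct.pack("!HHHH", src_port, dst_port, 8 + len(esp_packet), 0)
    return header + esp_packet

def classify(udp_payload):
    """How a receiver on the NAT-T port sorts an incoming UDP payload."""
    if udp_payload == b"\xff":
        return "keepalive"          # one-byte NAT keepalive
    if len(udp_payload) < 4:
        return "invalid"
    # Four zero bytes mark an IKE message; anything else starts with an SPI.
    return "ike" if udp_payload[:4] == b"\x00" * 4 else "esp"

# Constructed sample values: a host at 192.168.1.10 behind a NAT router.
CKY_I, CKY_R = bytes(range(8)), bytes(range(8, 16))
SENT = [nat_d_hash(CKY_I, CKY_R, "192.168.1.10", 500)]
ESP = struct.pack("!II", 0x1000, 1) + b"ciphertext"

if __name__ == "__main__":
    natted = peer_behind_nat(CKY_I, CKY_R, SENT, "203.0.113.5", 1027)
    print("NAT detected:", natted)
    if natted:
        datagram = udp_encap_esp(ESP)
        print("payload type:", classify(datagram[8:]), "len:", len(datagram))
```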






Kent Spencer <[EMAIL PROTECTED]> on 09/07/2001 01:32:01 PM

Please respond to "NT System Admin Issues"
      <[EMAIL PROTECTED]>

To:   "NT System Admin Issues" <[EMAIL PROTECTED]>
cc:

Subject:  Re: DNS UDP LDAP BROADCASTS BRING UP ISDN CIRCUIT


. disregard. IPSec does not work with NAT. It lets you configure it
  but it never works. Can't you just create a packet filter on
  the configured interface? Should be on the General tab.
Kent

--- Kent Spencer <[EMAIL PROTECTED]> wrote:
> .. try looking at ipsec with a filter for LDAP.
> Kent
>
> http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp
>
> --- Graham Grist <[EMAIL PROTECTED]> wrote:
> > How can we stop these two broadcasts bringing up the ISDN line every 4
> > hours.
> >
> > The broadcasts are from these lines in netlogon.dns
> >
> > ldap._tcp.dc._msdcs.OURDOMAIN.COM. 600 IN SRV 0 100 389 OURSERVER.OURDOMAIN.COM.
> >
> > _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.OURDOMAIN.COM. 600 IN SRV 0 100 389 OURSERVER.OURDOMAIN.COM.
> >
> > We only have one site with a few computers and one Win 2K server.
> > Our set up is a small business site with no internet registered domain.
> > We use private IP addresses and a NAT ISDN router.
> >
> > We use the ISDN dial up connection for access to the Web, but we have no
> > incoming web access to us from customers and so on.
> > Mail is collected from the ISP POP3 server by our mail server.
> >
> > DNS is set up with forwarders.
> > We have set the LAN connection to "no registration of the connection in
> > DNS". (Is that right?)
> >
> > We have disabled Netlogon dynamic registration of the DC name, and also
> > disabled DNS dynamic update registration of PTR records (Reverse Look
> > Ups) which has successfully stopped an hourly ISDN connection.
> > We have an event log warning that as dynamic DNS is not supported we need
> > to manually enter the contents of
> > %SystemRoot%\System32\Config\netlogon.dns in to DNS - how do we do that
> > and is that relevant to this problem?
> >
> > Many thanks
> >
> >
> > http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
> >
>
>

