Sign In »
Register Now!
Help
Hello:
It appears on Server 2008-R2 and Windows 7 that you cannot require IPSec
user authentication for inbound ICMPv4 echo requests (pings) without causing
those ping requests to be dropped.
In my testing, you can of course require IPSec for pings, you can also
require computer authentication from the pinging peer in the forest and
it'll still work fine, but once you add IPSec user authentication (with or
without computer auth too), then the incoming ping packets are dropped.
Yes, I've got IPSec user authentication correctly configured and working
with other protocols on the same test boxes (Kerberos for computer auth,
Kerberos for user auth), but it seems ping does not work with IPSec user
authentication. On my test systems, ICMP is not exempted. Testing was done
with the built-in ICMPv4-In incoming firewall rule in the "File and Printer
Sharing" group. No testing done with ICMPv6.
Has this been the experience of others too?
Thx
Page 1 of 1
Ping and IPSec AuthIP user authentication
Rate Topic:
Back to top
#2
Peter Foldes
Posted 12 February 2010 - 11:29 PM
Beth
Wrong newsgroup . What you want is the windows.server.security newsgroup as per
below
news://msnews.micros...server.security
--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
"Beth Swathmore" <bswathm@fizzle.com> wrote in message
news:udpgd0BrKHA.5940@TK2MSFTNGP02.phx.gbl...
> Hello:
>
> It appears on Server 2008-R2 and Windows 7 that you cannot require IPSec user
> authentication for inbound ICMPv4 echo requests (pings) without causing those ping
> requests to be dropped.
>
> In my testing, you can of course require IPSec for pings, you can also require
> computer authentication from the pinging peer in the forest and it'll still work
> fine, but once you add IPSec user authentication (with or without computer auth
> too), then the incoming ping packets are dropped. Yes, I've got IPSec user
> authentication correctly configured and working with other protocols on the same
> test boxes (Kerberos for computer auth, Kerberos for user auth), but it seems ping
> does not work with IPSec user authentication. On my test systems, ICMP is not
> exempted. Testing was done with the built-in ICMPv4-In incoming firewall rule in
> the "File and Printer Sharing" group. No testing done with ICMPv6.
>
> Has this been the experience of others too?
>
> Thx
>
>
>
Wrong newsgroup . What you want is the windows.server.security newsgroup as per
below
news://msnews.micros...server.security
--
Peter
Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.
"Beth Swathmore" <bswathm@fizzle.com> wrote in message
news:udpgd0BrKHA.5940@TK2MSFTNGP02.phx.gbl...
> Hello:
>
> It appears on Server 2008-R2 and Windows 7 that you cannot require IPSec user
> authentication for inbound ICMPv4 echo requests (pings) without causing those ping
> requests to be dropped.
>
> In my testing, you can of course require IPSec for pings, you can also require
> computer authentication from the pinging peer in the forest and it'll still work
> fine, but once you add IPSec user authentication (with or without computer auth
> too), then the incoming ping packets are dropped. Yes, I've got IPSec user
> authentication correctly configured and working with other protocols on the same
> test boxes (Kerberos for computer auth, Kerberos for user auth), but it seems ping
> does not work with IPSec user authentication. On my test systems, ICMP is not
> exempted. Testing was done with the built-in ICMPv4-In incoming firewall rule in
> the "File and Printer Sharing" group. No testing done with ICMPv6.
>
> Has this been the experience of others too?
>
> Thx
>
>
>
#3
Beth Swathmore
Posted 13 February 2010 - 11:27 AM
> Wrong newsgroup . What you want is the windows.server.security newsgroup\
Thanks!
Thanks!
Share this topic:
Page 1 of 1