Hi,
I want to open IPSEC between two servers with a firewall in between them. Both servers are Windows 2008 R2. I want to limit the IPSEC so that data can only flow from Intranet Server 1 to DMZ server1. (I don't want to allow the DMZ server to initiate data transfer to the intranet.) So, this IPSEC rule is for ONE WAY traffic.
I have asked my network team to open the following ports:
From Server1 on intranet to Server2 in DMZ:
UDP 500
protocol type 50
Protocol type 51
However, the IPSEC connectivity is failing. The server does not appear to be NEGOTIATING security. To simplify the configuration, I am currently only using a passphrase to authenticate the IPSEC.
I am wondering if I have to open the same firewall ports from the DMZ to the intranet too. Can anyone confirm if the ports must be enabled in both directions to have IPSEC work? And if this is the case, I guess I would have to rely on the IPSEC policy itself to BLOCK communication from the DMZ to the Intranet.
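As an added illustration (not part of the original post), this is the netsh form of the setup described above on Windows Server 2008 R2, together with the commands that show whether IKE and IPsec security associations have actually been negotiated. The host addresses and the pre-shared key are constructed placeholders. Note that IKE on UDP 500 is a request/response exchange and ESP (protocol 50) carries the acknowledgements of the protected TCP sessions back to Server1, so the firewall must pass the replies from Server2 to Server1 even when only Server1 ever initiates.

```powershell
# Added example, not from the original post. Windows Server 2008 R2 has no
# PowerShell NetSecurity cmdlets, so the configuration is done with netsh.
# Constructed placeholders: 10.0.1.10 = Server1 (intranet), 10.0.2.10 = Server2 (DMZ).
$server1 = "10.0.1.10"
$server2 = "10.0.2.10"
$psk     = "REPLACE-WITH-A-LONG-RANDOM-PSK"   # placeholder; PSK is fine for a first test,
                                              # certificates or Kerberos are preferable later

# --- On BOTH servers: a connection security rule that requires IPsec for all
#     traffic between the two hosts (inbound and outbound), authenticated by PSK.
netsh advfirewall consec add rule name="Server1-Server2 IPsec" `
    endpoint1=$server1 endpoint2=$server2 `
    action=requireinrequireout `
    auth1=computerpsk auth1psk="$psk"

# --- On Server1 (intranet) only: enforce the one-way requirement at the host firewall.
#     Connection security rules only authenticate/encrypt; they do not filter.
#     An explicit block rule wins over any allow rule, so the DMZ host cannot
#     open new connections to Server1, while Server1's own outbound sessions
#     (and their replies) are unaffected.
netsh advfirewall firewall add rule name="Block inbound from DMZ Server2" `
    dir=in action=block remoteip=$server2

# --- Checks on either server. If "the server does not appear to be negotiating",
#     both SA lists stay empty; main-mode SAs appear once the UDP 500 exchange
#     completes, quick-mode SAs once ESP-protected traffic is actually flowing.
netsh advfirewall monitor show mmsa          # IKE main-mode security associations
netsh advfirewall monitor show qmsa          # IPsec quick-mode security associations
netsh advfirewall consec show rule name=all  # confirm the rule exists and is enabled
```

If main-mode SAs never appear, the IKE reply on UDP 500 from Server2 is the first thing to look for in the network firewall's logs.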