I have a 2003 R2 server running an IPSec policy to secure a few ports between client and server. The IPSec policy works fine; however, I've noticed that the server has opened UDP 500 for IKE, which does make sense. One of the problems with this is the fact that the server just did it without asking... this firewall exception does not appear anywhere in the Firewall GUI/Control Panel tools. However, running the following command on the box shows that the port is indeed open:
netsh firewall show state verbose=enable
Also, running the following nmap command from a Linux host:
nmap -PN -sU -p 500 mywinserver.in.question
Yields:
PORT STATE SERVICE
500/udp open isakmp
So my question: how do I scope this port so that it is open only to the hosts/subnets that need to perform IKE negotiation? I have tried creating a firewall rule for UDP 500 and scoping it as I normally would; however, the port still appears to be available from anywhere.
Thanks,
Dasani