本文介绍了在Windows Server 2003和Windows XP客户端之间使用ipsec设置DNS问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我们有一台Windows 2003服务器计算机(运行DNS服务器),使用以下命令进行ipsec设置: -

We have a  windows 2003 server machine(with DNS server running on it) with ipsec setup using following command:-

[注意:服务器IP:10.96.16.11,客户端IP:10.96.16.51,客户端的子网掩码:255.255.252.0,客户端的默认网关方式:10.96.16.11]

[Note: Server IP :10.96.16.11,Client ip :10.96.16.51,subnet mask for client:255.255.252.0,default gate way for client:10.96.16.11]

netsh ipsec dynamic set config ipsecexempt value = 1

netsh ipsec dynamic set config ipsecexempt value=1

netsh ipsec static add policy name = IPSEC-POLICY

netsh ipsec static add policy name=IPSEC-POLICY

netsh ipsec static add filteraction name = action-require-ipsec action = negotiate qmpfs = no soft = no

netsh ipsec static add filteraction name=action-require-ipsec action=negotiate qmpfs=no soft=no

netsh ipsec static add filteraction name = action-permit action = permit

netsh ipsec static add filteraction name=action-permit action=permit

REM为非ipsec创建过滤器列表

REM create filterlist for Non ipsec

netsh ipsec static add filterlist name = Filter-Internal-NonIPSec

netsh ipsec static add filterlist name=Filter-Internal-NonIPSec

netsh ipsec static add filter filterlist = Filter-Internal-NonIPSec description = Filter-Internal-SSL protocol = TCP srcaddr = 10.96.16.0 srcmask = 255.255.252.0 dstaddr = 10.96.16.11 dstmask = 255.255.255.255 dstport = 443 mirrored = yes

netsh ipsec static add filter filterlist=Filter-Internal-NonIPSec description=Filter-Internal-SSL protocol=TCP srcaddr=10.96.16.0 srcmask=255.255.252.0 dstaddr=10.96.16.11 dstmask=255.255.255.255 dstport=443 mirrored=yes

netsh ipsec静态广告d filter filterlist = Filter-Internal-NonIPSec description = Filter-Internal-DNS protocol = UDP srcaddr = 10.96.16.0   srcmask = 255.255.252.0   dstaddr = 10.96.16.11   dstmask = 255.255。 255.255 dstport = 53 mirrored = yes
netsh ipsec static add filter filterlist=Filter-Internal-NonIPSec description=Filter-Internal-DNS protocol=UDP srcaddr= 10.96.16.0  srcmask=255.255.252.0  dstaddr= 10.96.16.11  dstmask=255.255.255.255 dstport=53 mirrored=yes

推荐答案

(假设DNS IP可以从客户)

( Assuming that the DNS IP is pingable from the Client)

 请将您的DNS服务器IP标记为"10.96.16.11"并尝试nslookup。 

  Please mark your DNS server IP as "10.96.16.11" and try nslookup. 

请发布nslokup和事件日志结果的输出(如果有)。同时检查DNS服务是否处于运行状态。 

Kindly post the output of the results of nslokup and event log if any. Also check the DNS service is in running state. 

 

干杯

请记住点击"标记为答案"在帮助您的帖子上,并点击"Unmark as Answer";如果标记的帖子实际上没有回答你的问题。这对阅读该主题的其他社区成员有益。

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


这篇关于在Windows Server 2003和Windows XP客户端之间使用ipsec设置DNS问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

10-18 23:29