IPSec and Apache Tomcat
Hi All, I have set up a Windows Server 2008 as a VPN server. I can establish a preshared key IPSec VPN connection from my client. I also have an Apache Tomcat web server running on the Server 2008 machine. In normal cases, if the client is in the same network, it can talk to the web server through port 8080. How do I configure Apache Tomcat to accept connections from the client only if it is connected through IPSec? Is this possible? Thanks in advance, Perumal
July 29th, 2011 8:25am

> How do I configure the Apache Tomcat to only accept connections from client only if it is connected through IPSec? Is this possible?

IPSec is done at the IP level, therefore applications do not need to be "IPSec aware" since it is done on a lower layer; that is one of the beauties of IPSec. ;) However, you can configure your web server's firewall to require all inbound traffic (or a specific port or protocol) to be secured by IPSec before the firewall opens the port for the client. This is configured in Windows Firewall with Advanced Security -> Connection Security Rules -> New Rule. Good luck!
// Fredrik "DXter" Jonsson - http://www.poweradmin.se
July 29th, 2011 8:38am
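The setup described in the reply above, written as netsh commands for an elevated prompt on the server. This is an added example, not part of the original thread; the rule names, the server address 192.0.2.10 and the pre-shared key placeholder are assumptions to replace with your own values.

```bat
rem Added example. Rule names, 192.0.2.10 and the PSK placeholder are constructed values.

rem 1. Connection security rule: inbound traffic to TCP 8080 on the server must
rem    negotiate IPsec (transport mode) with a pre-shared key.
netsh advfirewall consec add rule name="Require IPsec for Tomcat 8080" ^
    endpoint1=192.0.2.10 endpoint2=any ^
    protocol=tcp port1=8080 port2=any ^
    action=requireinrequestout mode=transport ^
    auth1=computerpsk auth1psk="<PRE-SHARED-KEY-PLACEHOLDER>"

rem 2. Inbound firewall rule: open TCP 8080 only for connections that IPsec
rem    has authenticated ("Allow the connection if it is secure" in the GUI).
rem    Assumes no other inbound rule already allows TCP 8080 without authentication.
netsh advfirewall firewall add rule name="Tomcat 8080 (IPsec only)" ^
    dir=in action=allow protocol=TCP localport=8080 security=authenticate

rem 3. The client needs a matching connection security rule with the same
rem    key. The application port does not change: the client still connects
rem    to TCP 8080 once the security association exists.

rem 4. Verify: show the rule, then the main mode and quick mode security
rem    associations after a client has attempted a connection.
netsh advfirewall consec show rule name="Require IPsec for Tomcat 8080"
netsh advfirewall monitor show mmsa
netsh advfirewall monitor show qmsa
```

If the two `monitor show` commands list no security associations after a connection attempt, the IKE negotiation itself is failing, which is a different problem from the firewall rule blocking the port.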

Hi, Yes, I have tried that but it is not working. Just to clarify, previously my client connected to the web server through port 8080. Now I have set the new connection security rule (IPSec preshared key) for this port. Now, after establishing the VPN connection, which port must my client use to connect to the web server? Still port 8080? Thanks in advance, Perumal
July 29th, 2011 9:11am

What is not working? What have you done exactly? Can the client connect to any resource on the VPN server? How is the IPSec tunnel (transport mode, not tunnel mode) authenticated?
// Fredrik "DXter" Jonsson - http://www.poweradmin.se
July 29th, 2011 10:02am

The client can connect to the VPN server successfully. As mentioned before, I also have an Apache Tomcat web server running on the Server 2008 machine. In normal cases, if the client is in the same network, it can talk to the web server through port 8080. But now, after establishing IPSec, how do I access the web server from the client? I have set up Windows Firewall with Advanced Security -> Connection Security Rules -> New Rule for port 8080. But after establishing the VPN connection I could not access the port. Are there any additional settings that need to be done? Must I access it using another port after connecting? Thanks in advance, Perumal
July 29th, 2011 10:10am

Yes, but what does your connection security rule look like exactly? What have you done exactly on the server and the client? What is failing? The IKE negotiation? How are clients authenticating the IPSec in transport mode? You have to be more specific for us to be able to help you. To be honest, I don't think it is a good idea to run an internal web server on a VPN server, but that is my personal opinion.
// Fredrik "DXter" Jonsson - http://www.poweradmin.se
July 29th, 2011 10:20am

This topic is archived. No further replies will be accepted.
