Re: ipsec for lan

From: Rotem Bar (barman@myrealbox.com)
Date: 07/26/01 

Message-ID: <007501c11610$13454880$3766003e@bar>
From: "Rotem Bar" <barman@myrealbox.com>
To: "Focus on Microsoft Mailing List" <FOCUS-MS@SECURITYFOCUS.COM>
Subject: Re: ipsec for lan
Date: Thu, 26 Jul 2001 13:18:00 -0700

Hi there....

The 3 options are

1. Client: respond only (if some one is ask him to secure he will secure the
connection)

2. Server: (he ask for secure connection, but if the other side don't have
the policy he will continue unsecured)

3. Secure Server (the only way to communicate with him is on secure
connection)

if you have a web site you can not use option 3 because its will not
communicate with unsecured connection

in side a LAN you can apply the 2nd option so that the connection with other
host on the internet cold be made.

if you have alot of trafic on the web server use the 1st option .....

With Best Regards
Rotem Bar
CNE - MCP - CCSA

PGP Finger Print
3BB0 2335 E1A6 B918 3A07 1AD3 57B8 D388 FFD3 7750

----- Original Message -----
From: "Frédéric Médery" <fmedery@sympatico.ca>
To: <focus-ms@securityfocus.com>
Sent: Tuesday, July 24, 2001 7:40 PM
Subject: ipsec for lan

> Hello everybody,
> This is my first mail to the ML. If my question is in the FAQ, please
> forgive me :-)
> My domain is 100% Win 2k (SRV and station). I like t use ipsec all over
> my LAN.
> Since my LAN is 100% win2k I'll use Kerberos.
> In the propriety of ipsec, I've got 3 options : client, secure server
> and server.
> Because my domain is connected to internet (through DMZ) I read that I
> have to use the "server option" so all my computers will be able to
> communicate inside my LAN.
> Is it the right solution for implementing ipsec for my lan ?
>
> Thank you for your (futures) advices.
>
> Frederic
>
>
>

Relevant Pages

  • Re: Can only connect to local RWW, over internet cannot
    ... OK, so now we know RWW works, and it is a function within RWW, the ability ... to 'Connect to Server' which is problematic, from inside the LAN. ... The 'Connect to server desktops' and 'Connect to my computer at work' ... RDP Proxy dynamically opens the connection to the requesting IP so at this ...
    (microsoft.public.windows.server.sbs)
  • Re: Possible to secure WEP?
    ... It doesn't have to be a "server". ... this IP cannot be in the same class C IP block as your own LAN. ... To keep it simple, my gateway router, ... Ethernet adapter Local Area Connection: ...
    (alt.internet.wireless)
  • Re: 2 NICs Configuration Problem
    ... Servers on the DMZ are public, ... provides NAT for the LAN machines, allowing them to reach the Internet ... effectively bypassing firewall filtering to that server. ... Ethernet adapter Server Local Area Connection: ...
    (microsoft.public.windows.server.networking)
  • Re: Dial-up ICS settings = Configuration Problems
    ... On Machine #1 have you told it that it is to share its Internet connection? ... Double click on your LAN connection ... IntelPRO/100 VE Network Connection - Packet Scheduler Miniport ... Primary WINS Server: 0.0.0.0 ...
    (microsoft.public.windowsxp.network_web)
  • Re: How safe is this..
    ... >of my LAN I have connected a second Router to the first one (LAN 2 WAN ... >setting up a RADIUS server to secure the wireless side even more. ... contrived for the duration of the connection and not saved anywhere. ...
    (alt.internet.wireless)