Re: IPsec Implementation

From: Brian Komar (bkomar_at_nospam.identit.ca)
Date: 07/29/05


Date: Fri, 29 Jul 2005 10:48:40 -0500

In article <OO07GBFlFHA.4028@TK2MSFTNGP10.phx.gbl>,
noemail@f.o.r.s.p.a.m.m.i.n.g.com says...
> I'm trying to implement IPsec on the work network just for the LAN. After
> reading about planning and setting up policies, I'm still not 100% sure what
> it is that I need to do.
>
> We're using Windows Server 2003 Enterprise edition and I checked that IPsec
> service is running.
>
> Do I only need to set up IPsec policies (request security) on the server and
> the workstations will use IPsec automatically? All the workstations are
> running XP SP2.
>
> If I right-click on an IPsec policy, "Assign" is shown on the menu. If after
> I selected Assign, would I be able to simply unassign it? Would there be any
> complications?
>
> Do I need to create some sort of certificates for IPsec? server and
> workstations?
>
The main thing with IPSec is defining the policies that will be
implemented for both clients and servers. You may end up defining
specific policies for servers vs clients.

For example, you may want to have the servers assigned the "Request
Security" or "Require Security" policy while the clients are assigned
the "Client Respond Only" policy. Or, maybe a custom policy that you
define.

You can assign and unassign with no problem. It is recommended to do the
assignments through GPO, rather than assigning at individual
workstations.

For authentication, if it is a domain environment, I would recommend
using Kerberos authentication. You can use certs, but it involves extra
planning and deployment.

Brian

-- 
==
Brian Komar
MVP - Windows - Security
http://www.identit.ca/blogs/brian

