Re: IPSEC between W2K domain member and W2K stand-alone
- From: Brian Komar [MVP] <bkomar@xxxxxxxxxxxxxxxxx>
- Date: Sun, 15 Jan 2006 11:16:08 -0600
In article <ekgU0e#FGHA.4036@xxxxxxxxxxxxxxxxxxxx>, mvpNoSpam@xxxxxxx
says...
> a) yes
> b) any CA that is trusted for the purpose
>
> Certificates is the reasonable choice, but preshared key would also work.
>
> <justiono@xxxxxxxxx> wrote in message
> news:1137115641.613099.78800@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> > Dear All,
> >
> > I have some doubts, would you please help me to explain:
> >
> > a. Is it possible to configure IPSec communication between a W2K
> > Professional (domain member) and W2K Server (stand alone server, not
> > member of any domain).
> > b. If so, which certificate server can be used? Standalone root CA in
> > stand-alone W2K Server?
> >
> > Many thanks
> >
>
>
>
To further clarify Roger's answer. As long as both servers receive their
IPSec certificate from the same CA (or chain to the same root CA), the
certificate-based auth will work.
Standalone CA will work, but does not have to be on the standalone
server. It can be on a domain member or on a standalone CA.
Are there any other plans for digital certificates in your environment.
Try and not fall into the trap of just setting up CAs for each
application. If you see other certificate uses, plan a proper PKI before
you start setting up "pockets of PKI"
Brian
.
- References:
- IPSEC between W2K domain member and W2K stand-alone
- From: justiono
- Re: IPSEC between W2K domain member and W2K stand-alone
- From: Roger Abell [MVP]
- IPSEC between W2K domain member and W2K stand-alone
- Prev by Date: Re: Cannot run gpedit.msc
- Next by Date: Re: Adding templates to Certificate Services Web page
- Previous by thread: Re: IPSEC between W2K domain member and W2K stand-alone
- Next by thread: Re: Event ID 681 and 529
- Index(es):
Relevant Pages
|
|
