IPSec without encryption between intranet and standalone



Hi all,

I'm trying to use IPSec to lock down a server, denying all TCP traffic
and then opening traffic on certain ports for certain IP addresses.

The ruleset works fine, the server still has public http access, I can
get terminal services up etc. However the intranet accesses the msSQL
server on the remote host via a connection string and there is a pause
every time a new connection is made or a session expires as the intranet
attempts to authenticate via Kerberos. This is not possible as they are
not on the same domain.

Couple of questions:
1 - why is this problem not apparent when using terminal services etc,
but very apparent on the intranet msSQL access, when all the rules have
the default Kerberos authentication?
2 - can I drop authentication completely? If I used a shared key how
would that let HTML traffic through?
3 - if I use a shared key how to get that key used from the intranet to
the remote machine? Do I set up IPSec at the other end as well?

Thanks for any help, bit of an IPSec newbie.
