Re: lan ipsec ws2003 / xp pro deployment

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 01/07/04


Date: Wed, 07 Jan 2004 01:31:37 GMT

You will need to use pptp since l2tp requires machine certificates which would
require you to make your server a Certificate Authority. You would have to enable
Remote Access on the server and configure it and then configure your XP computer to
have a vpn network connection. But since you are using the lan, I think it will be a
lot easier to use ipsec in transport mode, configuring each computer to use the same
preshared key for machine authentication. If you use ipsec preshared key [policy/all
ip traffic/edit/authentication methods/add/use this key], the communications will be
secure; however, the preshared key will be stored in the registry in clear text, which
should not be a concern if you use a firewall to the internet and malicious users
cannot physically access your computers. You could go to Local Security Policy of each
computer and configure the wireless computer with the require policy and the server
with the request policy. Using request policy on both computers should enable secure
ipsec communications, but require on the laptop would ensure it. Keep in mind that
the laptop would not be able to access the internet with a require policy unless you
put an exemption rule in for internet traffic such as port 80 tcp, port 443 tcp, port
53 udp, etc. You can use the ipsec monitoring mmc snap-in to make sure your traffic is
being ipsec secured.

--- Steve

"john smith" <anonymous@discussions.microsoft.com> wrote in message
news:6492E473-000A-483E-9264-9655E9EFAE98@microsoft.com...
> anyone find an easy way to deploy pptp or l2tp between a ws2003 server, and xp pro
> client, both are using dhcp.
>
> so nothing remote, just lan (server to client pptp) with dhcp assigned ips
> (wireless) via ap plugged into the linksys router, server and pc have only one nic in
> each.
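
Added example, not part of the original post or of any Microsoft tool: a simplified Python model of the laptop policy Steve describes (require for all IP traffic, permit exemptions for 80/tcp, 443/tcp and 53/udp) that shows which flows would leave the wireless laptop without IPsec. It assumes the exemption filters apply to any destination address and that the most specific matching filter wins; the filter names and sample flows are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Filter:
    name: str
    action: str                      # "require" = IPsec or nothing, "permit" = clear text
    protocol: Optional[str] = None   # None matches any protocol
    dst_port: Optional[int] = None   # None matches any destination port

    def matches(self, protocol: str, dst_port: int) -> bool:
        return (self.protocol in (None, protocol)
                and self.dst_port in (None, dst_port))

    def specificity(self) -> int:
        # Simplified ordering: a filter naming a protocol and a port beats "all IP traffic".
        return (self.protocol is not None) + (self.dst_port is not None)

# Laptop policy from the post: require everything, exempt web and DNS (assumed: to any address).
LAPTOP_POLICY = [
    Filter("all ip traffic", "require"),
    Filter("http exemption", "permit", "tcp", 80),
    Filter("https exemption", "permit", "tcp", 443),
    Filter("dns exemption", "permit", "udp", 53),
]

def classify(policy, protocol, dst_port):
    """Return (filter name, action) of the most specific matching filter."""
    candidates = [f for f in policy if f.matches(protocol, dst_port)]
    if not candidates:
        return ("no filter", "permit")   # traffic no filter matches is not touched by IPsec
    best = max(candidates, key=Filter.specificity)
    return (best.name, best.action)

def unprotected(policy, flows):
    """Labels of the flows that would cross the wireless link without IPsec."""
    return [label for label, proto, port in flows
            if classify(policy, proto, port)[1] == "permit"]

# Constructed sample flows from the laptop: (label, protocol, destination port)
SAMPLE_FLOWS = [
    ("file share on server", "tcp", 445),
    ("web page on the LAN server", "tcp", 80),
    ("dns lookup", "udp", 53),
    ("dns over tcp", "tcp", 53),
]

if __name__ == "__main__":
    for label in unprotected(LAPTOP_POLICY, SAMPLE_FLOWS):
        print("clear text:", label)
```

Under these assumptions a port-only exemption also covers port 80 traffic to the LAN server itself, so that flow is worth checking in the IPsec monitor along with the file-share traffic.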


