IPsec on DCs

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Rao <Rao@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Sun, 8 May 2005 23:06:01 -0700

I have domain controllers seperated by firewalls.

I want to encapsulate all replication traffic using IPsec, so that I can
open only few ports across firewall.

I want tio know step by step how to create filter actions and filters to
achieve this. When I create an IPsec policy in domain controller security
policy, I am not able to even ping. It says negotiating Security.

Thanks,
.

Follow-Ups:
- Re: IPsec on DCs
  - From: Arek Iskra [MVP]

Prev by Date: Re: Missing MemberOf Attribute in Active Directory Objects.
Next by Date: command prompt
Previous by thread: domains
Next by thread: Re: IPsec on DCs
Index(es):
- Date
- Thread

Relevant Pages

Re: Mapping drives and Encryption
... I ran into problems when I first started testing ipsec. ... The reason is that the domain controllers are also the KDC and the computer ... made authentication impossible. ... So then I tried using a request ipsec policy ...
(microsoft.public.windowsxp.security_admin)
Re: authentication problem
... double or triple duty most traffic [authentication and AD replication] is ... laptops and I bring up ipsec as a possible solution with the caveat on ... domain controllers because many admins right away want to enable the require ... policy at the domain level which can bring their network to it's knees. ...
(microsoft.public.win2000.security)
RE: authentication problem
... IPSec is based on the authentication of computers on a network; ... The Active Directory security domain provides this authentication using the ... are used for communication with domain controllers. ... Directory–based IPSec policy settings are typically applied to domain ...
(microsoft.public.win2000.security)
Re: Securing the communication between all workstations in a domain
... I am no expert at Ipsec. ... I would try using the server (request ... security) policy in that OU - the secure policy is rather extreme and can ... exempt the domain controllers from ipsec traffic - a request policy may work ...
(microsoft.public.win2000.security)
Re: General Security ?s
... Windows 2000 includes full IPSEC functionality and you can create ... excellent firewalls using IPSEC policies. ... Kent W. England, Microsoft MVP for Windows ... Security has been implemented, but ofcourse ...
(microsoft.public.security)