Re: Mising IPSEC

In news:EFB42971-B1DD-49C3-BA98-866EF079E7D7@xxxxxxxxxxxxx,
Si <Si@xxxxxxxxxxxxxxxxxxxxxxxxx> typed:
Dont i have to enable it on the client also?

I understand about configuring it within group policies etc. I few
docs ive seen on the net all seem to say enable it in options under
advanced TCP/IP settings.

Advanced settings is to just use IP filtering by ports.

What you want I believe is to set it in a policy, whether Local policy,
Local GP or Site/Domain/OU GPO. That part gives you the full brunt of what
IPSec will do for you. But you also have to plan out exactly how you want to
communicate with other machines. IPSec in many cases is mutually confifgured
or designed to work with specific end to end scenarios where you want to
secure traffic from one machine while ignoring general traffic from others.
In order to do that, you have to set it up on the server as Server (Request
Security) and on the client as Client (Respond only). IPSec can also be used
for encryption in a VPN (PPTP, but especially for L2TP) scenario. It can
also be used to filter traffic such as for an IIS machine where it is used
as a filter. So it largely depends on your design and what you are tyring to
do.

Didn't Bob's articles help you out? You will need to take time to read up on
it to understand what it does and how it does it.

You can also search Google on it:
enable ipsec:
http://www.google.com/search?q=enable+ipsec&rls=com.microsoft:en-us:IE-SearchBox&ie=UTF-8&oe=UTF-8&sourceid=ie7&rlz=1I7ITVA


--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Directory Services
Microsoft Certified Trainer

Infinite Diversities in Infinite Combinations

Having difficulty reading or finding responses to your post?
Instead of the website you're using, try using OEx (Outlook Express
or any other newsreader), and configure a news account, pointing to
news.microsoft.com. Anonymous access. It's free - no username or password
required nor do you need a Newsgroup Usenet account with your ISP. It
connects directly to the Microsoft Public Newsgroups. OEx allows you
o easily find, track threads, cross-post, sort by date, poster's name,
watched threads or subject. It's easy:

How to Configure OEx for Internet News
http://support.microsoft.com/?id=171164

"Quitting smoking is easy. I've done it a thousand times." - Mark Twain


.

Relevant Pages

  • Re: IPSEC BUG - Cannot filter - Subnet Mask invalid
    ... > Filter List" to Filter ASIAN Networks: ... > Is this a bug in the IPSEC Policy? ... You might want to report this as a bug to Microsoft. ... As for the IPCHAINS for Windows I'd recommend you have a look at chx: ...
    (microsoft.public.win2000.security)
  • Re: IPSEC on Win2k3 - block all default/except for a few ports
    ... to start with a block all filter rule, ... Microsoft needs to spend more ... the URL for securityfocus you gave is 404. ... I read part 1, 2, and 3 of the IPSEC intro. ...
    (microsoft.public.security)
  • Re: IPSEC on Win2k3 - block all default/except for a few ports
    ... > to start with a block all filter rule, ... Bottom line, Microsoft needs to spend ... > time on UI and implementation development on IPSEC. ... the URL for securityfocus you gave is 404. ...
    (microsoft.public.security)
  • RE: IPSEC
    ... IPSec security is applied to these clients. ... Generally speaking, IPSec can improve security on a network, but changing ... Microsoft CSS Online Newsgroup Support ... newsgroups so that they can be resolved in an efficient and timely manner. ...
    (microsoft.public.windows.server.sbs)
  • RE: allowed web site.
    ... How did you create the IPSec policy? ... Give me the screen shot of IE when you visit FedEx website. ... Microsoft CSS Online Newsgroup Support ... This newsgroup only focuses on SBS technical issues. ...
    (microsoft.public.windows.server.sbs)