RE: IPSEC
- From: v-edtian@xxxxxxxxxxxxxxxxxxxx (Edward Tian)
- Date: Mon, 25 Jul 2005 10:09:55 GMT
Hi Absar:
Thank you for posting here.
I am sorry for the delayed response due to weekend. Please understand that
the newsgroups are staffed weekdays by Microsoft Support professionals to
answer your systems and applications questions. Your understanding is
greatly appreciated!
1. Based on your description, I would like to confirm some information with
you:
a. I assume that SBS2003 based domain is your own domain, some users of
your company belongs to another domain (For example, named 'Newdomain').
IPSec security is applied to these clients. You mentioned that when they
comes to Newdomain they are unable to get IP from the DHCP server, but then
you mentioned that the DHCP server is located in your network (SBS2003
domain), so I am confused whether the exact problem is.
To narrow down this issue, would you please help to clarify the detailed
behavior of this issue? For your convenience, you can use 'SBS2003' to
represent your own domain and use 'Newdomain' to represent the other
domain, and then tell me the behavior of this problem. In addition, could
you tell me how you implement the IPSec policy for the two domains?
2. Disable the local IPSec policy
Generally speaking, IPSec can improve security on a network, but changing
network configurations or troubleshooting problems more difficult.
Sometimes, IPSec policies require secured communication on a Windows XP
Professional-based computer. These requirements can make it difficult to
connect to a remote host. If IPSec is implemented locally, you can turn off
the IPSEC Services service in the Services snap-in.
If the difficulties end when you stop the IPSec services, IPSec policies
are either blocking the traffic or requiring security for the traffic.
Note: By default, local IPSec policy is disabled.
I appreciate your understanding and look forward to hearing from you. If
anything is unclear, please feel free to let me know, I am glad to be of
assistance.
Have a nice day, Absar! :-)
Best Regards
Edward Tian(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: IPSEC
| thread-index: AcWO1C9Qr/L+AFIMRl+lccd2xhhzyQ==
| X-WBNR-Posting-Host: 61.247.233.47
| From: "=?Utf-8?B?QWJzYXI=?=" <Absar@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: IPSEC
| Date: Fri, 22 Jul 2005 08:44:02 -0700
| Lines: 24
| Message-ID: <4B8B1787-167E-488E-9BBF-14E75E9AF9A4@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups: microsoft.public.windows.server.sbs
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:138146
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| HI ALL!
|
| I have a SBS 2K3 premium based domain. Few users of my company belong to
| different domain and IPSEC security is applied to these clients. When
they
| comes to thier company domain they are unable to get IP from DHCP server
if
| they plugging the network cord after they have restarted the laptop, if
while
| restarting the network cord is connected then they gets the IP from DHCP
| server. The DHCP server in my network is backup domain controller, while
the
| exchange server 2k3 is on domain controller. in case when they already
have
| connected the network cord while restarting they ae unable to communicate
| with domain controller ( SBS 2003) if they are downlaoding mails while
using
| separate DSL connection they are able to downlaod mails but then they can
not
| access local network.
|
| If I stop IPSEC it's stooping many srvices with it e.g. DHCP client
service,
| network awareness layer etc.
|
| What should I do to solve the problem, so that they gets IP from my DHCP
| server, can communicate with domain controller (SBS 2003 ).
|
| The mail client outlook 2003 is configured as RPC over HTTP of client
| domain, POP of my domain.
|
| Thanks in advance.
|
.
- References:
- IPSEC
- From: Absar
- IPSEC
- Prev by Date: RE: SAVOnAccess Control
- Next by Date: RE: RAS dial-in connection speed
- Previous by thread: IPSEC
- Next by thread: MSN 7.0 blocking
- Index(es):
Relevant Pages
|
