IPSec between domain controllers, cant make it work!

sab4you · Jul 6, 2005

We have 3 domain controllers and an Exchange Server. I would like to have all 4 of them only communicate IPSec between the bunch. Further I would like all 4 of these servers to IPSec to the Admin Workstations.

On DC #1 I created local IPSec policies to use IPSec encryption when talking to my machine or DC #2.

When I enable this, it seems to work. All 3 computers can talk just dandy and I think I am the cool IPSec master.

But, when I go to DC #2 and create an identical IPSec policy, saying use IPSec to talk between DC#2 and DC#1, then they can no longer talk.

Can you only setup IPSec from one end of the connection? Shoudnt you be able to tell it to use IPSec from both ends of the communication?

aftertaf · Jul 7, 2005

choose the 'request' ipsec on all the pcs concerned...
they should dialogue with IPsec while being able to communicate with other PCs normally.

Aftertaf
Last time I checked, i wasn't Mike Lacey

sab4you · Jul 7, 2005

well, on my domain controller i said require ipsec between itself and my workstation.

On my workstation I then created a rule to request ipsec between my address and the DC.

On both computers, I learned I needed to also create a rule allowing from any to any with permit - so this is on both computers as well.

I then restarted the IPSec service and still no connection between the two. I am sure I have some basic config incorrect, anybody know?

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

IPSec between domain controllers, cant make it work!

sab4you

IS-IT--Management

aftertaf

IS-IT--Management

sab4you

IS-IT--Management

Similar threads

Part and Inventory Search

Sponsor