IPSEC Question

[paul123456]

Can someone plz explain to me how u set this up. i want all communication within the network to be "required" secure. if u hit assign to the "required security" none of the computer clients are able to see, ping or communicate with the server. plz can someone explain how to set this up? the network is behind a NAT and includes 1 2k server and 23 clients. Thanks, PAUL

 

[GiaBetiu]

You should not have any such a problems.
Implement this security policy (via a GPO) for domain for example. Don't forget that this will apply to the machines. The idea is that your workstations and your server should have common security requirements.
Check the settings that you decided to have (in IP Security policies). If those doesn't satisfy your needs that you can create a new one. How to do it? ... just follow the wizard.
And don't forget about the order GPOs are processed, and check eventually "No Overwrite" or "Block Inheritance".
Gia Betiu
m.betiu@chello.nl
Computer Eng. CNE 4, CNE 5

 

[GrnEyedLdy]

Paul123456

If you set your server to "Secure Server (Require Security)"the computers in your domain must use IPsec for all communication with that server.
Computers on the network that don't have IPSec enabled won't be able to comminicate with the Server.
You will receive an message from your ping saying "Request time out"...because although the server could be located, it did not respond back in a timely manor as it could not respond to clients who were not configured to use IPSec.

As GiaBetiu said, you shoud configure IPSec policies inside a GPO that applies to a container that holds all the computers that require this secure communication (be it a site, a domain, or an ou), so that they are all using the same policy.

Hope this helps,

Patty