
IPSec policy on servers connected to 2 networks


Posted

Hi. I am currently investigating how to set up an IPSec policy on a small network (single domain) of ~20 Windows 2003 and 2000 servers and ~10 Windows XP and 2000 workstations. Of the 20 servers, 5 of them are directly connected to other networks via a second NIC; the IP address ranges of these second network connections also vary.

If possible, can anyone advise how I can deploy a policy to enable IPSec on the internal domain traffic while still allowing these 5 servers to continue communicating with their second network in the clear? I'm comfortable with setting up IPSec; it's how to handle the two-network issue I'm stuck on.

Thanks,

Stuart.

Guest Steve Riley [MSFT]
Posted

Re: IPSec policy on servers connected to 2 networks

 

Except for when you indicate the interface type (all, LAN, or remote), the IPsec engine doesn't care about interfaces -- it concerns itself only with IP addresses and any rules that match those addresses.

 

What kind of policies do you want on the internal domain?

--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com

"Stuart" <newsgroups> wrote in message news:O9xNI9gKIHA.1212@TK2MSFTNGP05.phx.gbl...

> Hi. I am currently investigating how to set up an IPSec policy on a small network (single domain) of ~20 Windows 2003 and 2000 servers and ~10 Windows XP and 2000 workstations. Of the 20 servers, 5 of them are directly connected to other networks via a second NIC; the IP address ranges of these second network connections also vary.
>
> If possible, can anyone advise how I can deploy a policy to enable IPSec on the internal domain traffic while still allowing these 5 servers to continue communicating with their second network in the clear? I'm comfortable with setting up IPSec; it's how to handle the two-network issue I'm stuck on.
>
> Thanks,
>
> Stuart.

Guest Roger Abell [MVP]
Posted

Re: IPSec policy on servers connected to 2 networks

 

Instead of defining your rules as to/from My Address, define them using the to/from IP of concern for the traffic type.

 

"Stuart" <newsgroups> wrote in message news:O9xNI9gKIHA.1212@TK2MSFTNGP05.phx.gbl...

> Hi. I am currently investigating how to set up an IPSec policy on a small network (single domain) of ~20 Windows 2003 and 2000 servers and ~10 Windows XP and 2000 workstations. Of the 20 servers, 5 of them are directly connected to other networks via a second NIC; the IP address ranges of these second network connections also vary.
>
> If possible, can anyone advise how I can deploy a policy to enable IPSec on the internal domain traffic while still allowing these 5 servers to continue communicating with their second network in the clear? I'm comfortable with setting up IPSec; it's how to handle the two-network issue I'm stuck on.
>
> Thanks,
>
> Stuart.
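The advice in both replies, written out as a `netsh ipsec static` script: the filter is scoped to the internal subnet on both ends rather than to "My IP Address", so only domain-to-domain traffic is negotiated and packets to or from the second NIC's ranges never match a rule and stay in the clear. This is an added illustration, not code from either reply; the subnet 10.0.0.0/24, the policy and filter names, and Kerberos as the authentication method are placeholders, and the `netsh ipsec static` context assumes Windows Server 2003 (Windows 2000 hosts would need the IPsec MMC snap-in or ipsecpol.exe instead).

```batch
@echo off
rem Added example: require IPsec only between internal-subnet addresses.
rem Placeholder values: 10.0.0.0/24 is the constructed internal subnet.

rem 1. Policy container. activatedefaultrule=no keeps the host from
rem    answering IKE requests that no explicit rule covers.
netsh ipsec static add policy name="Internal-Only ESP" description="Negotiate IPsec for domain subnet only" activatedefaultrule=no

rem 2. Filter list scoped by subnet on BOTH ends (not "Me"). A server's
rem    second NIC address is outside 10.0.0.0/24, so its traffic never
rem    matches and is neither negotiated nor blocked.
netsh ipsec static add filterlist name="Internal subnet" description="10.0.0.0/24 to 10.0.0.0/24"
netsh ipsec static add filter filterlist="Internal subnet" srcaddr=10.0.0.0 srcmask=255.255.255.0 dstaddr=10.0.0.0 dstmask=255.255.255.0 protocol=ANY mirrored=yes

rem 3. Filter action: negotiate security, no fallback to clear text
rem    (soft=no) and no unsecured inbound pass-through (inpass=no).
netsh ipsec static add filteraction name="Require ESP" action=negotiate soft=no inpass=no

rem 4. Rule tying list and action together. conntype=all is the
rem    "interface type" setting mentioned in the first reply; the
rem    address filter, not the interface, does the real selection.
netsh ipsec static add rule name="Domain traffic" policy="Internal-Only ESP" filterlist="Internal subnet" filteraction="Require ESP" conntype=all kerberos=yes

rem 5. Assign the policy on this host (or push it by GPO instead).
netsh ipsec static set policy name="Internal-Only ESP" assign=y

rem Verify which filters are actually loaded before relying on it.
netsh ipsec static show policy name="Internal-Only ESP" level=verbose
```

Note that a rule deployed through Group Policy applies to every host the GPO reaches, so test with a single dual-homed server first and confirm its second-network traffic still flows unencrypted.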
