Windows Server 2008 IPSec implementation and configuration

Posted: 2009-05-19

IPSec (Internet Protocol Security) is a Windows security feature used to secure the transmission of data between two computers. IPSec encrypts and authenticates traffic from the source to the destination across a public or private network. IPSec uses two protocols: ESP (Encapsulating Security Payload) for encryption and AH (Authentication Header) for authentication. The authentication methods available to IPSec are Kerberos, which is the most commonly used; certificates from a public key infrastructure, which requires a certificate authority (CA); and a preshared key, which is the least commonly used and the least secure.

Creating IPSec using Group Policy on Windows Server 2008

To create an IPSec policy using Group Policy, follow these steps:

1. Click Start, click Administrative Tools and then click Group Policy Management.

2. Expand Forest, expand Domains, expand your local domain, right-click the OU (Organizational Unit) where your computers are located and click "Create a GPO in this domain, and Link it here". You can instead edit the Default Domain Policy to implement IPSec domain-wide. In this scenario, I have created an OU named "SpiderTip-PCs" and placed all my computers that require IPSec in it.

3. Name your GPO and click OK.

4. Right-click the GPO you just created and click Edit.

5. Under Computer Configuration, expand Policies, expand Windows Settings, expand Security Settings and click IP Security Policies on Active Directory.

6. Assign one of these policies by right-clicking it and clicking Assign (only one IPSec policy can be assigned at a time in a given GPO):

a. Secure Server (Require Security) - the server rejects any client that is not able to communicate securely through IPSec.

b. Server (Request Security) - the server communicates through IPSec when it is available but still communicates with clients that are not able to communicate securely through IPSec. This setting is used when you have computers running older operating systems.

c. Client (Respond Only) - the client responds to the server's request to connect securely through IPSec. This policy is assigned on the client side and does not initiate secure communication via IPSec unless the server requires it.

That is all you need to do to assign a default IPSec security policy. You can create your own IPSec policy that has its own rules and filters to meet a customized security requirement.
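After the GPO has refreshed on a member computer, it is worth checking that the intended policy actually arrived and that security associations are being negotiated, rather than trusting the assignment in the console. The script below is an added example, not part of the original post; it assumes the IPsec Policy Agent records the domain-assigned policy under the GPTIPSECPolicy registry key (values DSIPSECPolicyName and DSIPSECPolicyPath) and that the legacy "netsh ipsec" context is available on the Server 2008 host.

```powershell
# Added example (not from the original post): verify on a domain-joined
# Windows Server 2008 host which IPSec policy Group Policy assigned and
# whether IPSec security associations (SAs) are actually being built.
# Run from an elevated PowerShell prompt after "gpupdate /force".

# Assumption: the IPsec Policy Agent writes the GPO-assigned policy here.
$gptKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\IPSec\GPTIPSECPolicy'

function Get-AssignedIPsecPolicy {
    # Returns $null when no domain IPSec policy has been applied to this host.
    if (-not (Test-Path $gptKey)) { return $null }
    $p = Get-ItemProperty -Path $gptKey
    New-Object PSObject -Property @{
        Name = $p.DSIPSECPolicyName          # e.g. "Secure Server (Require Security)"
        Path = $p.DSIPSECPolicyPath          # LDAP path of the ipsecPolicy object
    }
}

$assigned = Get-AssignedIPsecPolicy
if ($null -eq $assigned) {
    Write-Warning ('No GPO-assigned IPSec policy found. Check that the GPO is linked ' +
                   'to the OU containing this computer account, then run gpupdate /force.')
} else {
    Write-Host ('GPO-assigned IPSec policy : {0}' -f $assigned.Name)
    Write-Host ('Policy object (AD)        : {0}' -f $assigned.Path)
}

# Cross-check with what the Policy Agent itself reports as the assigned policy.
netsh ipsec static show gpoassignedpolicy

# Main-mode SAs show that IKE authentication (Kerberos, certificate or
# preshared key) succeeded with a peer; quick-mode SAs show ESP/AH in use.
# With "Secure Server (Require Security)" assigned, a peer that never
# appears here is being refused, which is the expected failure mode for
# clients that have no IPSec policy of their own.
netsh ipsec dynamic show mmsas
netsh ipsec dynamic show qmsas
```

If the policy name is present but no SAs ever appear, the peer is usually missing a matching policy (for example a client OU that never received "Client (Respond Only)"), which the Server (Request Security) variant would silently tolerate by falling back to clear text.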

