IPSEC between W2K domain member and W2K stand-alone

J

justiono

Dear All,

I have some doubts, would you please help me to explain:

a. Is it possible to configure IPSec communication between a W2K
Professional (domain member) and W2K Server (stand alone server, not
member of any domain).
b. If so, which certificate server can be used? Standalone root CA in
stand-alone W2K Server?

Many thanks
 
R

Roger Abell [MVP]

a) yes
b) any CA that is trusted for the purpose

Certificates is the reasonable choice, but preshared key would also work.
 
B

Brian Komar [MVP]

a) yes
b) any CA that is trusted for the purpose

Certificates is the reasonable choice, but preshared key would also work.
Click to expand...
To further clarify Roger's answer. As long as both servers receive their
IPSec certificate from the same CA (or chain to the same root CA), the
certificate-based auth will work.

Standalone CA will work, but does not have to be on the standalone
server. It can be on a domain member or on a standalone CA.

Are there any other plans for digital certificates in your environment.
Try and not fall into the trap of just setting up CAs for each
application. If you see other certificate uses, plan a proper PKI before
you start setting up "pockets of PKI"

Brian
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Stand-alone root CA 3
Placing a certificate on a non domain server 1
Migrate Enterprise root authority CA to stand-alone root CA 0
How to open LSA API on Win2k in order to determine if a computer is member of domain 3
Securing Communication Between Domain Members and their Domain Controllers 1
trouble with IPSEC and RRAS 3
IPSec VPN problems 3
Cert Authority--Enterprise Stand Alone or both? 3

Top