IPSec Between Non-Trusting Domains


just say NO to PDF

Hi:

Does anyone know if it is possible to use IPSec in transport mode between
two W2K systems that are not members of the same domain (two domains that
don't trust)?

I know that when using IPSec inside a domain, Kerberos is involved. All of
the MS documentation seems to talk about using IPSec between domain members,
but does not cover connectivity to UNIX or non-domain computers.

We want to allow a few specific hosts at a small ASP to connect to a W2K
server in our DMZ using IPSec. We would use a pre-shared key for
encryption...a hardware VPN would not be appropriate because we would have
to trust their entire network; it is preferable to limit trust to specific
hosts...

TIA

--Maarten (e-mail address removed)
 

Alan Wood [MSFT]

Hi Maarten!
Yes, this can be done; you have to use either certificate or preshared
key authentication. IPSec can use Kerb, preshared key or cert, the latter 2
being used for non-domain members.

Thank you,

Alan Wood[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
 
