IPSec policy

Alice

I need to create an IPSec policy to allow a W2kPro domain
computer to communicate securely with a non-domain
W2kServer. It must communicate normally with all other
domain computers.
I have created a policy within AD U&C for the Pro computer
and I have created an identical local policy on the
non-domain server. Both are assigned. When I ping the server
from the pro station, the ping is normal and I have no
activity in the IPSec Monitor on either the DC or the
non-domain server. What am I missing?
 
Miha Pihler

Hi Alice,

I am not sure what your IPSec configuration is, but by default ping (ICMP) is
not in the default IPSec policy. Only IP protocol is. Try some other protocol.

What is your method of authentication between DCs and non-domain computers?

Mike
 
Alice

Thanks for the response Mike,

The non-domain computer has no knowledge of any domain
resources except via IP.

For testing I am using a shared key.

I changed the protocol from TCP to Any and the ping test
worked, plus I saw activity in IPSec Monitor.

I also ran Netdiag /test:ipsec on both machines and they
are pulling the policy.

Is there anything else I can do to prove the policies are
working correctly?

Thanks!
 
Miha Pihler

Alice,

The only other thing you can do to "prove" it is to sniff the traffic...

My advice: use certificates for authentication. If this is not possible, use
a very long ... shared key (pass phrase)...

Mike
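
One way to carry out the sniffing check suggested above, as an added example that is not part of the original thread: it classifies raw IPv4 packets seen between two peers as ESP, AH, IKE or cleartext. The addresses and sample packets are constructed, and extracting raw IP packets from a capture file is assumed to happen elsewhere.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

ESP, AH, UDP, ICMP = 50, 51, 17, 1   # IANA IP protocol numbers
IKE_PORT = 500                       # IKE negotiation runs over UDP 500

def parse_ipv4(packet: bytes):
    """Return (src, dst, proto, payload) for a raw IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if ihl < 20 or len(packet) < ihl or packet[0] >> 4 != 4:
        raise ValueError("not a well-formed IPv4 packet")
    src, dst = (str(IPv4Address(packet[i:i + 4])) for i in (12, 16))
    return src, dst, packet[9], packet[ihl:]

def classify(proto: int, payload: bytes) -> str:
    if proto == ESP:
        return "esp"
    if proto == AH:
        return "ah"  # integrity only: payload is readable on the wire
    if proto == UDP and len(payload) >= 4:
        if IKE_PORT in struct.unpack("!HH", payload[:4]):
            return "ike"
    return "cleartext"

def audit(packets, host_a: str, host_b: str) -> Counter:
    """Count traffic classes seen between the two IPsec peers only."""
    seen = Counter()
    for pkt in packets:
        try:
            src, dst, proto, payload = parse_ipv4(pkt)
        except ValueError:
            continue  # skip truncated or non-IPv4 frames
        if {src, dst} == {host_a, host_b}:
            seen[classify(proto, payload)] += 1
    return seen

def build(src, dst, proto, payload=b""):  # constructed sample packets only
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, IPv4Address(src).packed,
                       IPv4Address(dst).packed) + payload

PRO, SRV, DC = "192.0.2.10", "192.0.2.20", "192.0.2.1"  # constructed addresses
SAMPLE = [
    build(PRO, SRV, UDP, struct.pack("!HHHH", 500, 500, 8, 0)),  # IKE
    build(PRO, SRV, ESP, bytes(16)),   # ping carried inside ESP
    build(SRV, PRO, ESP, bytes(16)),
    build(PRO, DC, ICMP, b"\x08\x00" + bytes(6)),  # plain ping to the DC
]
```

A non-zero `cleartext` count between the Pro workstation and the server means the policy filter is not matching that traffic. The `esp` and `ah` counts show which IPsec protocol is on the wire, not how strong the negotiated algorithms are.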
 
