IPsec in Windows and Unix system

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Hi:

I need to configure a GPO in my domain so that all the computers use only
IPsec. I have another UNIX-based server (HP-UX), and I need all the clients to
connect with this server (over IPsec). Can I do it? If it's possible, what
software do I need?

Thanks.
 
Guest

You can configure a GPO with an IPsec policy. The clients logging into
the OU configured with that GPO will then get the IPsec policy via GPO. No
additional software is needed for Windows XP or 2k3 clients, just verify
that they have the latest updates.

With respect to these clients connecting to an HP-UX machine - you need to
verify with HP that your version of HP-UX is IPsec ready, and uses
compatible authentication and encryption.

--
Louise Bowman
(MSFT)
This posting is provided "AS IS" with no warranties, and confers no rights.
"Ignacio" <Ignacio@discussions.microsoft.com> wrote in message
news:B1DEA107-ED9D-438F-8068-2A75921DCA9E@microsoft.com...
> Hi:
>
> I need to configure a GPO in my domain so that all the computers use only
> IPsec. I have another UNIX-based server (HP-UX), and I need all the clients
> to connect with this server (over IPsec). Can I do it? If it's possible,
> what software do I need?
>
> Thanks.
 
Guest

I don't know how to configure the Unix server offhand, but you can easily
create an ipsec policy for Windows 2000/XP Pro/W2003 domain computers via
security policy. Security policy is a subset of Group Policy under user
configuration/Windows settings/security settings where you will see IP
security policy. Windows comes with three default configured ipsec policies
for require, request, or client/respond. Any ipsec policy configured in a
Windows domain must however be configured to exempt at least domain
controllers from the ipsec negotiation policy or the domain can come to a
halt.

You have three options for computer authentication - Kerberos, preshared key
[least secure but great for testing], or certificate. Then you can tweak
the policy to use ESP or AH, though most of the time ESP is used for traffic
encryption and integrity. You will need to make sure that all computers can
use common methods for key exchange and ESP such as Diffie-Hellman level,
DES, 3DES, SHA, or MD5. You may find ipsecmon helpful in troubleshooting
ipsec security associations with Windows 2000 computers and the mmc IPsec
Monitor snap-in for XP Pro and Windows 2003. The link below may help
more. --- Steve

http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp

"Ignacio" <Ignacio@discussions.microsoft.com> wrote in message
news:B1DEA107-ED9D-438F-8068-2A75921DCA9E@microsoft.com...
> Hi:
>
> I need to configure a GPO in my domain so that all the computers use only
> IPsec. I have another UNIX-based server (HP-UX), and I need all the clients
> to connect with this server (over IPsec). Can I do it? If it's possible,
> what software do I need?
>
> Thanks.
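
The interoperability point raised in the replies above (both peers must share an authentication method, Diffie-Hellman level and ESP algorithms) can be checked on paper before a policy is rolled out. The following is an added example, not part of the original thread: a simplified model that folds key-exchange and ESP settings into one proposal, with constructed sample proposals and hypothetical HP-UX values.

```python
# Simplified model: each proposal bundles the settings both peers must agree on.
# Tuple layout: (authentication, DH group, ESP encryption, ESP integrity)

# Options the thread lists that are weak choices: DES, MD5, and a preshared
# key (described in the thread as least secure). DH group 1 is 768-bit.
WEAK_NAMES = {"PSK", "DES", "MD5"}
WEAK_DH_GROUPS = {1}

# Constructed sample proposals, in preference order.
WINDOWS_POLICY = [
    ("KERBEROS", 2, "3DES", "SHA1"),
    ("CERT", 2, "3DES", "SHA1"),
    ("PSK", 1, "DES", "MD5"),
]
# Hypothetical values; the real list comes from the HP-UX IPsec configuration.
HPUX_POLICY = [
    ("CERT", 2, "3DES", "SHA1"),
    ("PSK", 1, "DES", "MD5"),
]


def negotiate(initiator, responder):
    """Return the first initiator proposal the responder also offers, or None."""
    accepted = set(responder)
    for proposal in initiator:
        if proposal in accepted:
            return proposal
    return None


def weaknesses(proposal):
    """List the weak elements of an agreed proposal."""
    auth, dh_group, encryption, integrity = proposal
    found = [name for name in (auth, encryption, integrity) if name in WEAK_NAMES]
    if dh_group in WEAK_DH_GROUPS:
        found.append(f"DH group {dh_group}")
    return found


def audit(initiator, responder):
    """Return (status, agreed proposal or None, list of weak elements)."""
    agreed = negotiate(initiator, responder)
    if agreed is None:
        # No overlap: the peers cannot build a security association, and a
        # "require" policy would then block all traffic between them.
        return "NO COMMON PROPOSAL", None, []
    weak = weaknesses(agreed)
    return ("WEAK" if weak else "OK"), agreed, weak


if __name__ == "__main__":
    print(audit(WINDOWS_POLICY, HPUX_POLICY))
    print(audit(WINDOWS_POLICY[:1], HPUX_POLICY))   # Kerberos-only policy
    print(audit(WINDOWS_POLICY[2:], HPUX_POLICY))   # test-grade fallback only
```

Running the audit with the real proposal lists from both sides shows whether the peers would fail to negotiate or would settle on a test-grade combination.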