IPSec between 2 firewalls - possibilities/ideas?

steve

Archived from groups: microsoft.public.win2000.security

Hi there,

I've been asked to implement an IPSec tunnel for FTP purposes between two
networks.

Without going into too much detail I'd like to say that on my side there
will be a SonicWall firewall with a Win2k server sitting in the DMZ serving
FTP.

The problem is the other end, which I have no knowledge of other than they are
using a Cisco 3030 - this I'm not too fussed about as it's not my problem and
they have decent network techs on site...

Now - as far as I am aware you cannot set up Win2K IPSec if the machines are
not trusted/members of the same domain - am I correct?

So I am assuming I have to create the tunnel to terminate at my SonicWall
firewall and then forward the necessary ports?

If so - the IPSec setup in Win2K should have what tunnel endpoint? My public
IP address? They will be FTPing data to me...

Thanks for any answers/guidance!!
steve

Guest


You can use IPsec for connections between computers on different networks or
between gateways, but if the computers are not in the same AD forest you can
not use the default Kerberos authentication. You can still use a preshared key
or certificates for computer authentication. I suggest you first get
everything working with a preshared key before you try to implement
certificate authentication. Also keep in mind that IPsec ESP will not work
over NAT without the NAT-T client, and that NAT-T will only work if the
server device is NAT-T capable. AH will not work over a NAT device even
with NAT-T. The links below on configuring an IPsec tunnel may be of help
to you. If both networks have a Windows VPN server, a router-to-router VPN
connection could be another possibility to build a secure tunnel over the
internet, as shown in the white paper available in the last link. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;252735
http://www.cisco.com/warp/public/707/2000.html
http://support.microsoft.com/default.aspx?scid=kb;en-us;233256
http://www.microsoft.com/windows2000/server/evaluation/features/deplyr2rvpn.asp
http://www.microsoft.com/technet/community/columns/cableguy/cg0802.mspx

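The three NAT points in the reply (ESP needs NAT-T to cross a NAT, NAT-T fixes ESP, and nothing fixes AH) come down to what each protocol's integrity check covers. The following Python model is an added illustration for this thread, not code from the newsgroup post or from Microsoft, Cisco or SonicWall. It is a toy, not an IPsec implementation: the packet layout, the field names, the `pat_rewrite` helper, the key and the addresses are all constructed for the demonstration; real AH authenticates more header fields than the two addresses modelled here, and real ESP encrypts the payload, which this model skips.

```python
"""Toy model: why AH fails across NAT while ESP survives it only with NAT-T.

Added example, not part of the original thread. The packet structure and
the NAT behaviour below are simplified assumptions made for illustration.
"""
import hashlib
import hmac
import socket
import struct

# Constructed sample key; stands in for the preshared key the reply suggests
# starting with. Not a real key.
KEY = b"constructed-demo-preshared-key"


def _addr(ip: str) -> bytes:
    return socket.inet_aton(ip)


def _icv(covered: bytes) -> bytes:
    # IPsec's HMAC-SHA1-96: HMAC-SHA1 truncated to 96 bits (12 bytes)
    return hmac.new(KEY, covered, hashlib.sha1).digest()[:12]


def build_ah_packet(src, dst, payload, natt=False):
    """AH: the ICV covers the immutable IP header fields (modelled here as
    source + destination address) plus the payload."""
    pkt = {"src": src, "dst": dst, "payload": payload,
           "icv": _icv(_addr(src) + _addr(dst) + payload)}
    if natt:
        pkt["udp"] = (4500, 4500)  # hypothetical UDP wrapper, to show it cannot help AH
    return pkt


def build_esp_packet(src, dst, payload, natt=False):
    """ESP: the ICV covers only the ESP header (SPI, sequence number) and the
    protected payload; the outer IP header is not authenticated."""
    esp = struct.pack("!II", 0x1001, 1) + payload  # SPI, seq, (toy) ciphertext
    pkt = {"src": src, "dst": dst, "esp": esp, "icv": _icv(esp)}
    if natt:
        pkt["udp"] = (4500, 4500)  # NAT-T: ESP encapsulated in UDP port 4500
    return pkt


def pat_rewrite(pkt, public_ip, public_port):
    """Port-overloading NAT (PAT), the kind found on most small firewalls: it
    can only translate packets that carry TCP/UDP ports. Raw protocol 50 (ESP)
    or 51 (AH) has none, so such packets are dropped (returned as None)."""
    if "udp" not in pkt:
        return None
    out = dict(pkt)
    out["src"] = public_ip                       # source address rewritten
    out["udp"] = (public_port, pkt["udp"][1])    # source port rewritten
    return out


def verify_ah(pkt) -> bool:
    expected = _icv(_addr(pkt["src"]) + _addr(pkt["dst"]) + pkt["payload"])
    return hmac.compare_digest(pkt["icv"], expected)


def verify_esp(pkt) -> bool:
    return hmac.compare_digest(pkt["icv"], _icv(pkt["esp"]))


def run_scenarios():
    """Send each variant from a private address through PAT and report what
    the receiving gateway concludes. Addresses are constructed samples."""
    src, dst, data = "192.168.1.10", "203.0.113.5", b"STOR upload.bin"
    nat_ip, nat_port = "198.51.100.1", 40001
    results = {}

    esp_plain = pat_rewrite(build_esp_packet(src, dst, data), nat_ip, nat_port)
    results["esp_without_natt"] = ("dropped by NAT" if esp_plain is None
                                   else "ok" if verify_esp(esp_plain) else "icv failed")

    esp_natt = pat_rewrite(build_esp_packet(src, dst, data, natt=True), nat_ip, nat_port)
    results["esp_with_natt"] = "ok" if esp_natt and verify_esp(esp_natt) else "failed"

    ah_natt = pat_rewrite(build_ah_packet(src, dst, data, natt=True), nat_ip, nat_port)
    results["ah_with_natt"] = "icv failed" if ah_natt and not verify_ah(ah_natt) else "ok"

    results["ah_direct_no_nat"] = "ok" if verify_ah(build_ah_packet(src, dst, data)) else "icv failed"
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:18s} {outcome}")
```

Running it prints one line per scenario: plain ESP never leaves the NAT, ESP with NAT-T verifies at the far gateway, and AH fails its integrity check after NAT even when wrapped in UDP, because the rewritten source address is part of what AH signs. The same reasoning applies whichever side does the translating: the reply's advice that the server device must be NAT-T capable is about the peer being willing to accept the UDP-encapsulated form at all.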