How does domain isolation with Windows 2003 IPsec happen?


Hi all,

I have a question regarding implementing domain isolation with IPsec support from Windows 2003 (or higher).

From the examples online, you only need to join a few machines into the domain and they are magically protected from outsider attacks and eavesdropping. I am wondering how exactly this should be configured, especially using a group policy distributed from the domain controller.

How should I write this policy in the domain controller? The most naive way is to list all the IP addresses of all the domain members in a filter list, and apply "secure" action to this filter. My question is, what if a new computer joins the domain or someone left? Do I, presumably the domain admin, need to reconfigure the filter list every time?

Is there a better way of doing this? Or, can someone show me the correct way of doing it?

Thanks a lot!

-Simon

Guest Steve Riley [MSFT]

The domain isolation principle uses IPsec with Kerberos authentication. Servers receive policies that require inbound communications to be protected with IPsec; clients receive policies instructing them to use IPsec when communicating to servers within whatever address range you define.

http://technet.microsoft.com/en-us/network/bb545651.aspx has links to various resources.

--

Steve Riley

steve.riley@microsoft.com

http://blogs.technet.com/steriley

Protect Your Windows Network: http://www.amazon.com/dp/0321336437

"Simon" <xchenum@gmail.com> wrote in message news:805add47-ad0a-4ba9-96de-d51dd18d8ab0@75g2000hso.googlegroups.com...

> Hi all,
>
> I have a question regarding implementing domain isolation with IPsec support from Windows 2003 (or higher).
>
> From the examples online, you only need to join a few machines into the domain and they are magically protected from outsider attacks and eavesdropping. I am wondering how exactly this should be configured, especially using a group policy distributed from the domain controller.
>
> How should I write this policy in the domain controller? The most naive way is to list all the IP addresses of all the domain members in a filter list, and apply "secure" action to this filter. My question is, what if a new computer joins the domain or someone left? Do I, presumably the domain admin, need to reconfigure the filter list every time?
>
> Is there a better way of doing this? Or, can someone show me the correct way of doing it?
>
> Thanks a lot!
>
> -Simon
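The policy shape described in the reply above, written as `netsh ipsec static` commands for Windows Server 2003. This is an added example, not part of the original thread: it scopes filters by address range and lets Kerberos decide which peers can authenticate, so no per-host filter entries are involved. The server range 10.0.20.0/24, the domain controller address 10.0.0.10 and every policy, filter-list, filter-action and rule name are constructed placeholders.

```batch
@echo off
rem Added example. Constructed values: 10.0.20.0/24 = isolated server range,
rem 10.0.0.10 = domain controller. All object names are hypothetical.
rem Both policies are created unassigned in the local store of a test machine.

rem Filter lists are scoped by address range, never by individual member IPs.
netsh ipsec static add filterlist name="Inbound to this server"
netsh ipsec static add filter filterlist="Inbound to this server" srcaddr=any dstaddr=me protocol=ANY mirrored=yes
netsh ipsec static add filterlist name="To isolated servers"
netsh ipsec static add filter filterlist="To isolated servers" srcaddr=me dstaddr=10.0.20.0 dstmask=255.255.255.0 protocol=ANY mirrored=yes

rem Traffic to the domain controller stays outside IPsec: a member must reach
rem it to obtain Kerberos tickets before it can authenticate any IPsec peer.
rem This host-specific filter is more specific than the range filters, so it wins.
netsh ipsec static add filterlist name="Domain controllers"
netsh ipsec static add filter filterlist="Domain controllers" srcaddr=me dstaddr=10.0.0.10 protocol=ANY mirrored=yes

rem "Require IPsec": negotiate security, refuse unsecured inbound traffic
rem (inpass=no) and never fall back to cleartext (soft=no).
netsh ipsec static add filteraction name="Require IPsec" action=negotiate inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]"
netsh ipsec static add filteraction name="Permit" action=permit

rem Server policy: all inbound communication must be protected.
rem kerberos=yes ties authentication to a domain computer account, so a
rem machine that joins or leaves the domain needs no filter change.
netsh ipsec static add policy name="Isolation - servers" assign=no
netsh ipsec static add rule name="Servers - require inbound IPsec" policy="Isolation - servers" filterlist="Inbound to this server" filteraction="Require IPsec" kerberos=yes
netsh ipsec static add rule name="Servers - DC exemption" policy="Isolation - servers" filterlist="Domain controllers" filteraction="Permit"

rem Client policy: use IPsec when talking to the defined server range.
netsh ipsec static add policy name="Isolation - clients" assign=no
netsh ipsec static add rule name="Clients - IPsec to servers" policy="Isolation - clients" filterlist="To isolated servers" filteraction="Require IPsec" kerberos=yes
netsh ipsec static add rule name="Clients - DC exemption" policy="Isolation - clients" filterlist="Domain controllers" filteraction="Permit"

rem Review both policies before assigning either one.
netsh ipsec static show policy name="Isolation - servers" level=verbose
netsh ipsec static show policy name="Isolation - clients" level=verbose
```

In a domain, the two policies would be distributed through Group Policy as the question anticipates, one GPO for the servers and one for the clients. Because `soft=no` blocks any peer that cannot complete IPsec, review the `show policy` output and test against a single server before assigning the policy widely.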
