Guest Shanthi
Posted December 4, 2008

I want to restrict the clients who are not members of my domain. Even if they have similar series IP, they should not be able to ping my network IP.

How to do the same.

Server : Windows 2003 Std Sp2
Firewall : ISA 2004 Std on Windows 2003 Std Sp2

Thanks
Shanthi P

Guest Steve Riley [MSFT]
Posted December 6, 2008

You can use group policy to assign IPsec policies to all your domain-joined machines. Your servers will have IPsec policies in "require" mode, meaning that they will ignore any clients that try to connect without matching IPsec policies. And since the only way to get the policies is to join the domain, you'll have achieved your requirement.

We've documented this using a concept called server and domain isolation. Read more here: http://technet.microsoft.com/en-us/network/bb545651.aspx

--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
Protect Your Windows Network: http://www.amazon.com/dp/0321336437

Guest Shanthi
Posted December 6, 2008

Hi,

Thanks for your response. I went through the link given. I need a step-by-step guide to implement the same in my environment. Could you please help me?

Thanks
Shanthi

Guest Paul Adare
Posted December 6, 2008

On Sat, 6 Dec 2008 07:26:07 -0800, Shanthi wrote:

> Thanks for your response. I went through the link given. I need a step-by-step
> guide to implement the same in my environment. Could you please help me?

Look at the bottom of the page you were sent to under Deployment Resources. There are Step-by-Step guides there already.

--
Paul Adare
MVP - Identity Lifecycle Manager
http://www.identit.ca
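
Added example, not part of any post in this thread and not taken from the Microsoft guides it links to: the "require" mode policy described in Steve Riley's reply, expressed as `netsh ipsec static` commands against the local policy store of a Windows Server 2003 test machine. The policy, filter list and filter action names and the domain controller address 192.0.2.10 are constructed placeholders, and the policy is created unassigned.

```bat
@echo off
rem Added example: "require" mode IPsec policy in the LOCAL store of a
rem Windows Server 2003 lab machine. Names and 192.0.2.10 are constructed.
setlocal
set POLICY=DomainIsolationLab
set DC_IP=192.0.2.10

rem 1. Policy container. assign=no keeps it inactive until it has been tested;
rem    the default response rule is switched off so only the rules below apply.
netsh ipsec static add policy name="%POLICY%" ^
    description="Inbound traffic must negotiate IPsec" ^
    activatedefaultrule=no assign=no

rem 2. Exemption rule: traffic between this host and the domain controller is
rem    permitted in clear text. Kerberos is the IKE authentication method in
rem    step 4, so the DC has to be reachable before any IPsec SA exists.
netsh ipsec static add filterlist name="ExemptInfrastructure"
netsh ipsec static add filter filterlist="ExemptInfrastructure" ^
    srcaddr=me dstaddr=%DC_IP% dstmask=255.255.255.255 ^
    protocol=any mirrored=yes
netsh ipsec static add filteraction name="PermitClear" action=permit
netsh ipsec static add rule name="ExemptDC" policy="%POLICY%" ^
    filterlist="ExemptInfrastructure" filteraction="PermitClear"

rem 3. Filter for everything else addressed to this host. protocol=any
rem    includes ICMP, so echo requests fall under the require rule as well.
netsh ipsec static add filterlist name="AllTrafficToMe"
netsh ipsec static add filter filterlist="AllTrafficToMe" ^
    srcaddr=any dstaddr=me protocol=any mirrored=yes

rem 4. The "require" action:
rem      inpass=no -> unsecured inbound packets are not accepted
rem      soft=no   -> no fallback to clear text with peers that lack IPsec
rem    (inpass=yes soft=yes would be "request" mode, which still answers
rem     machines that have no matching policy.)
netsh ipsec static add filteraction name="RequireIPsec" ^
    action=negotiate inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]"
netsh ipsec static add rule name="RequireIPsecInbound" policy="%POLICY%" ^
    filterlist="AllTrafficToMe" filteraction="RequireIPsec" kerberos=yes

rem 5. Review the result before assigning anything.
netsh ipsec static show policy name="%POLICY%" level=verbose
endlocal
```

Because Kerberos is the authentication method, only machines with a domain account can complete the negotiation, which is what ties the policy to domain membership. Domain-wide distribution is done by assigning the policy through Group Policy, as the reply says.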