IPSec Question

Hi all

Currently studying for my 70-216 exam and I am getting
stuck on IPSec.

I have implemented the the secure server via group policy
(using the default domain policy). I thought by
implementing IPSec this way it would ensure IPSec
communications amongst all my PC's on my test network.

However, once implemented, no computers can communicate
with each other?

Furthermore, I don't understand why it only seems possible
to have one IPSec policy via group policies. e.g. you can
only assign one policy.

How would you then, for example, require secure access to
a file server, require unsecured access between some PC's
and secure access between particular PC's in the domain
(all PC's are using DHCP for IP address assignment)

Any recommendations to resources for IPSec would also be
appreciated.

Thanks

Paul

Rowdy
Mon Nov 03 06:40:53 CST 2003

if you set the req. secure on the server, don't you need to set it up on
the clients via gpo as well?

also, did you use the pre-built security tamplates?

"Paul" <anonymous@discussions.microsoft.com> wrote in news:0c0101c3a1fc
$035309b0$a101280a@phx.gbl:

Paul
Mon Nov 03 07:56:46 CST 2003

By setting the IPSec policy on the default domain policy
(computers) won't the settings be propogated throughout
the domain PC's?

Currently running the default security templates that
would have been applied when installing the machine.


>-----Original Message-----
>if you set the req. secure on the server, don't you need
to set it up on
>the clients via gpo as well?
>
>also, did you use the pre-built security tamplates?
>
>"Paul" <anonymous@discussions.microsoft.com> wrote in
news:0c0101c3a1fc
>$035309b0$a101280a@phx.gbl:
>
>
>.
>

Consultant
Mon Nov 03 09:09:16 CST 2003

are you using nat?


"Paul" <anonymous@discussions.microsoft.com> wrote in message
news:0c0101c3a1fc$035309b0$a101280a@phx.gbl...
> Hi all
>
> Currently studying for my 70-216 exam and I am getting
> stuck on IPSec.
>
> I have implemented the the secure server via group policy
> (using the default domain policy). I thought by
> implementing IPSec this way it would ensure IPSec
> communications amongst all my PC's on my test network.
>
> However, once implemented, no computers can communicate
> with each other?
>
> Furthermore, I don't understand why it only seems possible
> to have one IPSec policy via group policies. e.g. you can
> only assign one policy.
>
> How would you then, for example, require secure access to
> a file server, require unsecured access between some PC's
> and secure access between particular PC's in the domain
> (all PC's are using DHCP for IP address assignment)
>
> Any recommendations to resources for IPSec would also be
> appreciated.
>
> Thanks
>
> Paul
>

anonymous
Mon Nov 03 09:42:30 CST 2003

No - Just using a test network at home.

1 x Win2K DC - utilising AD
2 x Win2K clients

Have used the IPSec Policy Require Security and
implemented this on the default domain policy


>-----Original Message-----
>are you using nat?
>
>
>"Paul" <anonymous@discussions.microsoft.com> wrote in
message
>news:0c0101c3a1fc$035309b0$a101280a@phx.gbl...
>> Hi all
>>
>> Currently studying for my 70-216 exam and I am getting
>> stuck on IPSec.
>>
>> I have implemented the the secure server via group
policy
>> (using the default domain policy). I thought by
>> implementing IPSec this way it would ensure IPSec
>> communications amongst all my PC's on my test network.
>>
>> However, once implemented, no computers can communicate
>> with each other?
>>
>> Furthermore, I don't understand why it only seems
possible
>> to have one IPSec policy via group policies. e.g. you
can
>> only assign one policy.
>>
>> How would you then, for example, require secure access
to
>> a file server, require unsecured access between some
PC's
>> and secure access between particular PC's in the domain
>> (all PC's are using DHCP for IP address assignment)
>>
>> Any recommendations to resources for IPSec would also be
>> appreciated.
>>
>> Thanks
>>
>> Paul
>>
>
>
>.
>