Platform= Windows 2000 Server

Hi, is it possible to restrict servers communicating using IPSec?

i.e. if you had 3 servers A, B and C
Can you use IPSEC so that A talks to B and C....
but B can only talk to A
and C can only talk to A
so that B and C do not communicate

Re: IPsec - restrict communication by Steve

Steve
Wed Dec 22 18:40:41 CST 2004

I can help you, but first tell me more.

Are these requirements exclusive of all other communications? In other words,
are B and C allowed to talk to things other than A, but just not each other?
Or do you want to strictly limit the communications so that A is the only
thing both B and C are allowed to talk to?

Steve Riley
steriley@microsoft.com



> Platform= Windows 2000 Server
>
> Hi, is it possible to restrict servers communicating using IPSec?
>
> i.e. if you had 3 servers A, B and C
> Can you use IPSEC so that A talks to B and C....
> but B can only talk to A
> and C can only talk to A
> so that B and C do not communicate



Re: IPsec - restrict communication by Roger

Roger
Thu Dec 23 01:25:23 CST 2004

"davran" <davran@discussions.microsoft.com> wrote in message
news:E1543CCB-6D72-421C-BF7F-34020440EEEB@microsoft.com...
> Platform= Windows 2000 Server
>
> Hi, is it possible to restrict servers communicating using IPSec?
>
> i.e. if you had 3 servers A, B and C
> Can you use IPSEC so that A talks to B and C....
> but B can only talk to A
> and C can only talk to A
> so that B and C do not communicate
>

Yes, and in a number of ways.

--
Roger Abell



Re: IPsec - restrict communication by davran

davran
Thu Dec 23 01:37:01 CST 2004


Thanks Roger.
Sorry Steve, here's more info.
Let me introduce a 4th server (server D) which is an application server. Both B
and C need to communicate with this.

Server A would be domain controller/DNS.

B and C are member servers that will have communication with Svr D, the
application server, but B does not need to talk to C.
I'm assuming you can create a filter list to permit traffic for
communication from specific IP addresses to specific IP addresses. I will
read up more on this but just wanted to get an overall concept of whether it
can happen.

Thanks for your responses, appreciated.


Re: IPsec - restrict communication by Roger

Roger
Thu Dec 23 02:16:42 CST 2004

Basically, you can define rules which do indicate
qualifications by IP or IP subnet; but you can also
define other forms of evidence (like availability
of correct cert) as qualifiers for a rule.
IPsec is really quite flexible in capabilities.

--
Roger Abell

"davran" <davran@discussions.microsoft.com> wrote in message
news:6F6BC806-22BD-4B5E-9679-C2581A755ECC@microsoft.com...
>
> Thanks Roger.
> Sorry Steve, here's more info.
> Let me introduce a 4th server (server D) which is an application server. Both B
> and C need to communicate with this.
>
> Server A would be domain controller/DNS.
>
> B and C are member servers that will have communication with Svr D, the
> application server, but B does not need to talk to C.
> I'm assuming you can create a filter list to permit traffic for
> communication from specific IP addresses to specific IP addresses. I will
> read up more on this but just wanted to get an overall concept of whether it
> can happen.
>
> Thanks for your responses, appreciated.
>
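
Added example, not part of any post in this thread: a simplified Python model of the two readings Steve asks about (B and C blocked only from each other, or B and C limited to named peers), using IP and subnet qualifiers as Roger describes. The addresses are constructed, the function names are hypothetical, certificate-based qualifiers are not modelled, and the longest-prefix match stands in for the way Windows IPsec applies the most specific matching filter.

```python
import ipaddress

# Constructed addresses for the thread's servers A-D (assumptions).
HOSTS = {"A": "10.0.0.1", "B": "10.0.0.2", "C": "10.0.0.3", "D": "10.0.0.4"}
ANY = "0.0.0.0/0"

def decide(filters, peer_ip, default="permit"):
    """Return the action of the most specific filter matching peer_ip.

    filters: (peer network, action) pairs seen from the local host
    ("Me <-> peer", mirrored). Longest prefix wins, not list order.
    """
    peer = ipaddress.ip_address(peer_ip)
    best = None
    for net, action in filters:
        network = ipaddress.ip_network(net)
        if peer in network and (best is None or network.prefixlen > best[0]):
            best = (network.prefixlen, action)
    return best[1] if best else default

def build_policies(strict):
    """Per-host filter lists for the scenario in the thread.

    strict=False: B and C block only each other.
    strict=True:  B and C block everything except A (DC/DNS) and D (app server).
    """
    policies = {"A": [], "D": []}  # A and D carry no restrictions in this sketch
    for me, other in (("B", "C"), ("C", "B")):
        if strict:
            policies[me] = [(ANY, "block"),
                            (HOSTS["A"] + "/32", "permit"),
                            (HOSTS["D"] + "/32", "permit")]
        else:
            policies[me] = [(HOSTS[other] + "/32", "block")]
    return policies

def can_talk(policies, src, dst):
    """Traffic flows only if neither end's policy blocks the other."""
    return (decide(policies[src], HOSTS[dst]) == "permit"
            and decide(policies[dst], HOSTS[src]) == "permit")

def matrix(strict):
    """Reachability of every ordered pair of the four servers."""
    pol = build_policies(strict)
    return {(s, d): can_talk(pol, s, d)
            for s in sorted(HOSTS) for d in sorted(HOSTS) if s != d}

if __name__ == "__main__":
    for strict in (False, True):
        allowed = sorted(pair for pair, ok in matrix(strict).items() if ok)
        print("strict" if strict else "pairwise block", allowed)
```

The model leaves out the traffic types that Windows 2000 exempts from IPsec filtering by default, such as IKE and Kerberos.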



Re: IPsec - restrict communication by davran

davran
Thu Dec 23 05:05:01 CST 2004


Great, thank you Roger.

One last question: are the certs that are listed available free to use?

"Roger Abell" wrote:

> Basically, you can define rules which do indicate
> qualifications by IP or IP subnet; but you can also
> define other forms of evidence (like availability
> of correct cert) as qualifiers for a rule.
> IPsec is really quite flexible in capabilities.
>
> --
> Roger Abell
>
> "davran" <davran@discussions.microsoft.com> wrote in message
> news:6F6BC806-22BD-4B5E-9679-C2581A755ECC@microsoft.com...
> >
> > Thanks Roger.
> > Sorry Steve, here's more info.
> > Let me introduce a 4th server (server D) which is an application server. Both B
> > and C need to communicate with this.
> >
> > Server A would be domain controller/DNS.
> >
> > B and C are member servers that will have communication with Svr D, the
> > application server, but B does not need to talk to C.
> > I'm assuming you can create a filter list to permit traffic for
> > communication from specific IP addresses to specific IP addresses. I will
> > read up more on this but just wanted to get an overall concept of whether
> > it can happen.
> >
> > Thanks for your responses, appreciated.
> >
>
>
>

Re: IPsec - restrict communication by davran

davran
Fri Dec 24 06:35:01 CST 2004


Thanks everyone