Announcement

Collapse
No announcement yet.

IPSEC what do I do ?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • IPSEC what do I do ?

    Hi All

    I have had a request to do ome ipsec work, i have never done it before and would be grateful if anyone has any pointers on what to look out for and what to do in my scenario.......

    I will start by describing our network and computer layout....
    we have a single AD domain - We have loads of servers (win2003sp1) 200+ and loads of client pc's (XP SP2) 3000+

    We have a requirement for encrypting the data from a specific server to a specific group of PC's and blocking that specific data from everyone else on the network.

    so its a 1-to-many encryption sort of thing -

    My colleague has given me this task, but as im quite new and junior in the organisation i was a bit wary of what is required - however IPSEC has been mentioned as a possibility.

    I am pretty familiar with AD and i have had a look at the ipssec settings.

    I was thinking new GPO - with server in and a policy for REQUIRE IPSEC
    then a gpo with the clients in - do i have to do anything with a gpo for the clients for them to participate in IPSEC ?

    Any direction appreciated. I will also go off now and have a search of the forums for anything simialar...

    Thankyou in advance
    WAZZIE

  • #2
    Re: IPSEC what do I do ?

    Most important warning: Test it in a seperate enviroment!!!
    If something goes work you can destroy the network entirely.
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: IPSEC what do I do ?

      Agree with Dumber.

      Client side setting will be using "respond only". You should see it in the default GPO policy.

      Once again. Test before deploy.
      Just another MCP

      Comment

      Working...
      X