Create an IPSec tunnel directly to a remote Windows server

by Michael Mullins CCNA, MCP | Jul 07, 2005

Takeaway: Creating an IPSec tunnel directly to a remote Windows 2000 or 2003 server has its benefits. Learn about the details of making this type of secure connection.

Most network administrators who work with routers are familiar with creating IPSec tunnels between routers for WAN links. However, it's also possible to create an IPSec tunnel directly to a remote Windows 2000 or 2003 server.

While this isn't a common task for system administrators, it does offer benefits. Let's delve into the details of creating this type of secure connection.

Configure the server

Configuring the server for inbound and outbound communications is relatively simple. Follow these steps:

1. Log on to the server with an account that has local administrative privileges.
2. Go to Start | Run, and enter secpol.msc.
3. Right-click IP Security Policies On Local Machine, and select Create IP Security Policy. This launches the IP Security Policy Wizard.
4. Click Next.
5. In the IP Security Policy Name section, name the new policy (a typical convention is to use the name of the site to which the policy will connect), and enter the policy's purpose in the Description text box.
6. In the Request For Secure Communication section, leave the Activate The Default Response Rule check box selected. This ensures that the server responds to IPSec requests with this rule when no other rule is present.
7. In the Default Response Rule Authentication section, click the bottom radio button, and enter the preshared key that you'll enter on the router that will make this VPN connection. This key must be exactly identical to what you enter on the VPN router. The recommended length is more than seven characters and/or numbers.
8. Click Next, and click Finish to close the IP Security Policy Wizard.

Add rules for the tunnel

The properties for your IPSec policy will now appear. To begin editing the properties of the IPSec tunnel, follow these steps:

1. Click Add, and click Next to launch the Security Rule Wizard.
2. In the Tunnel Endpoint section, specify the tunnel end point IP address (the remote router's external IP address), and click Next.
3. In the Network Type section, choose Local Area Network (LAN), and click Next. (If you're using Windows Server 2003, skip to Step 5.)
4. In the Authentication Method section, enter the preshared key (the same key you entered before), and click Next.
5. In the IP Filter List section, select All IP Traffic (unless you want to define the specific ports and protocols), and click Next.
6. In the Filter Action section, create a filter action by clicking Add and choosing Next, which launches the Filter Action Wizard.
7. Name the filter (e.g., Filter-Policy Name), and click Next.
8. In the Filter Action General Options section, select Negotiate Security, and click Next.
9. In the Communicating With Computers That Do Not Support IPSec section, leave the Do Not Communicate With Computers That Do Not Support IPSec check box selected. (Don't allow unsecured communication to your internal server; this could be a spoofed connection that doesn't have the correct crypto policy.) Click Next.
10. In the IP Traffic Security section, select Custom, and click Settings.
11. Make sure you've selected the Data Integrity And Encryption (ESP) check box.
12. Select MD5 from the Integrity Algorithm drop-down list, and choose DES from the Encryption Algorithm drop-down list.
13. Choose Session Key Settings, and select the Generate A New Key Every 3600 Seconds check box.
14. Click OK, click Next, and click Finish.
15. In the Filter Action section, select the filter action you just created, and select Next. (If you're using Windows Server 2003, enter the preshared key here, and click Next.)
16. Click Finish, click OK, and click Close.

This process creates the IPSec tunnel rule. Once you've configured the router, right-click the security policy you created, and select Assign.

Final thoughts

Protecting communications from an internal server to an external network is easy using IPSec between the two networks. It's simply a matter of properly configuring both the router and the servers.
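The wizard steps above can also be scripted on Windows Server 2003 with netsh ipsec static (Windows 2000 has no netsh ipsec context). The script below is an added example, not part of the original article: the policy name, addresses and key are constructed placeholders, and it goes beyond the article's All IP Traffic selection by using one-way filters with one rule per direction, which is the layout Microsoft's tunnel-mode guidance uses for tunnel rules.

```batch
@echo off
rem Added example, not from the article. Run on the Windows Server 2003 host
rem from an administrative prompt. Every value below is a constructed placeholder.
set POLICY=SiteA-Tunnel
set ROUTER=198.51.100.1
set SERVER=192.0.2.10
set REMOTE_NET=10.20.0.0
set REMOTE_MASK=255.255.0.0
rem Must match the router's key exactly; do not leave the real key in this file.
set PSK=REPLACE-WITH-PRESHARED-KEY

rem Policy with the default response rule active, authenticated by preshared key.
netsh ipsec static add policy name="%POLICY%" description="Tunnel to Site A router" activatedefaultrule=yes assign=no
netsh ipsec static set defaultrule policy="%POLICY%" kerberos=no psk="%PSK%"

rem One-way (non-mirrored) filter lists, one per direction of the tunnel.
netsh ipsec static add filterlist name="%POLICY%-out"
netsh ipsec static add filter filterlist="%POLICY%-out" srcaddr=Me dstaddr=%REMOTE_NET% dstmask=%REMOTE_MASK% protocol=ANY mirrored=no
netsh ipsec static add filterlist name="%POLICY%-in"
netsh ipsec static add filter filterlist="%POLICY%-in" srcaddr=%REMOTE_NET% srcmask=%REMOTE_MASK% dstaddr=Me protocol=ANY mirrored=no

rem Filter action: Negotiate Security, no fallback to unsecured traffic
rem (soft=no, inpass=no), ESP with DES and MD5 as selected in the article,
rem rekey every 3600 seconds. The 100000k byte lifetime is an assumption;
rem the article sets only the time-based lifetime.
rem The same dialog also offers the stronger pair ESP[3DES,SHA1]; whichever
rem pair is used has to match the router's transform set.
netsh ipsec static add filteraction name="Filter-%POLICY%" action=negotiate inpass=no soft=no qmsecmethods="ESP[DES,MD5]:100000k/3600s"

rem Tunnel rules. Outbound traffic terminates at the router's external address;
rem inbound traffic terminates at this server's own address.
netsh ipsec static add rule name="%POLICY%-out" policy="%POLICY%" filterlist="%POLICY%-out" filteraction="Filter-%POLICY%" tunnel=%ROUTER% conntype=lan kerberos=no psk="%PSK%"
netsh ipsec static add rule name="%POLICY%-in" policy="%POLICY%" filterlist="%POLICY%-in" filteraction="Filter-%POLICY%" tunnel=%SERVER% conntype=lan kerberos=no psk="%PSK%"

rem Assign the policy only after the router side is configured.
netsh ipsec static set policy name="%POLICY%" assign=yes
```

Running netsh ipsec static show policy name="SiteA-Tunnel" level=verbose afterwards lists the rules, filters and security methods so they can be compared with the router's configuration.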