Help with IPSec

Anonymous

In Windows Vista, I have enabled the built-in Secure Server IPSec rule.
Since I cannot find any built-in rules in Windows Vista, how can I enable
secure communication between Vista and the XP machine? Where can I find some
sort of guide or information on this? I have searched Google and Microsoft,
but couldn't find anything too useful for Windows Vista. Thanks in advance.
 
First, what exact threat are you trying to mitigate? IPsec is for enterprise
use primarily. If you only have a couple of machines on a small network it is
really not necessary, or shouldn't be anyway.

Second, there is not really a single paper on how to use IPsec for specific
problems. The Vista book (see my sig) has some general walk-throughs, and
there is a whole host of free information at the Microsoft IPsec Tech Center:
http://www.microsoft.com/ipsec.

The general way to approach this would be to first figure out what your
objective is, then analyze the traffic you need to permit, and how, to meet
that objective. Finally, build yourself rules for securing that traffic. For
example, if you simply want all traffic between two computers to be
authenticated you can set up a Connection Security Rule in the Windows
Firewall with Advanced Security to do that. You would use a Server-to-Server
rule, specify the two addresses and specify an authentication protocol. Doing
the same thing on XP is quite a bit more involved, but the very first
white-paper on the Tech Center (even though it says it is for Windows Server
2003) will help you.
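
The Server-to-Server rule described in the reply above can also be created from the command line with `netsh advfirewall consec`. This is an added example, not part of the original post. The rule name, both IP addresses and the pre-shared key are constructed placeholders, and the XP machine still needs a matching IPsec policy, which is not shown here.

```bat
rem Added example. Run from an elevated command prompt on the Vista machine.
rem Assumed addresses: 192.168.1.10 = this Vista host, 192.168.1.20 = the XP host.
rem REPLACE_WITH_SHARED_KEY is a placeholder; the XP policy must use the same key.

rem 1. Start in request mode, so a mismatch with the XP policy does not
rem    cut off traffic between the two machines while you test.
netsh advfirewall consec add rule name="Vista-XP auth" ^
    endpoint1=192.168.1.10 endpoint2=192.168.1.20 ^
    action=requestinrequestout ^
    auth1=computerpsk auth1psk="REPLACE_WITH_SHARED_KEY"

rem 2. Generate some traffic to the XP host (for example, open a file share),
rem    then confirm that main-mode and quick-mode security associations exist.
netsh advfirewall monitor show mmsa
netsh advfirewall monitor show qmsa

rem 3. Once associations appear, require authentication in both directions.
netsh advfirewall consec set rule name="Vista-XP auth" new action=requireinrequireout

rem Roll back if the two machines can no longer communicate:
rem netsh advfirewall consec delete rule name="Vista-XP auth"
```

A pre-shared key is the simplest method for two workgroup machines but also the weakest, since it is stored unprotected in the policy; `auth1=computercert` with a common issuing CA is the stronger choice where certificates are available.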
 
Thank you, Jesper, for your informative post!

Jesper said:
First, what exact threat are you trying to mitigate? IPsec is for enterprise
use primarily. If you only have a couple of machines on a small network it is
really not necessary, or shouldn't be anyway.

Second, there is not really a single paper on how to use IPsec for specific
problems. The Vista book (see my sig) has some general walk-throughs, and
there is a whole host of free information at the Microsoft IPsec Tech Center:
http://www.microsoft.com/ipsec.

The general way to approach this would be to first figure out what your
objective is, then analyze the traffic you need to permit, and how, to meet
that objective. Finally, build yourself rules for securing that traffic. For
example, if you simply want all traffic between two computers to be
authenticated you can set up a Connection Security Rule in the Windows
Firewall with Advanced Security to do that. You would use a Server-to-Server
rule, specify the two addresses and specify an authentication protocol. Doing
the same thing on XP is quite a bit more involved, but the very first
white-paper on the Tech Center (even though it says it is for Windows Server
2003) will help you.
 