ipsec and encryption in mixed environment

[Heath]

I was interested in using ipsec in order to encrypt
network traffic.

We use windows 2000 servers but our desktops are mixed
between win2k, win95, and winxp.

Any suggestions on how to set this up?

Do I just set up servers with Server- Request Security and
the Win2k Pro with Client - Respond Only using Group
Policies or is it more complicated then that?

What about domain controllers?

 

[Steven L Umbach]

That would just about work. Traffic would only be encrypted when a W2K/XP
computer is accessing a server with the request policy. Keep in mind that
ipsec encryption does incur overhead in performance. Make sure you read the
somewhat confusing KB link below on how ipsec works between domain
controllers and domain members or more accurately how it doesn't work. You
will want to create a rule the exempts traffic to/from domain controllers
and member computers and be sure to test out policies before rolling out
domain wide.. --- Steve

http://support.microsoft.com/?kbid=254949

 

[IBTerry [MSFT]]

The following paper details some of the pros/cons of deploying IPSEC in a
corporate environment.

Using Microsoft Windows IPSec to Help Secure an Internal Corporate Network
Server
http://www.microsoft.com/downloads/details.aspx?FamilyID=a774012a-ac25-4a1d-
8851-b7a09e3f1dc9&DisplayLang=en

IBTerry [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.