Assuming they do not have any ipsec policy configured at the domain/OU level,
configure an ipsec policy in Local Security Policy on each computer. You could
use the built in require policy as a model with the only difference being the
destination address would be the other computer's IP address which you would
want to be static. If both computers are in the same domain, kerberos will be
used for machine authentication. If they are not you will need to configure
either certificate or preshared key for machine authentication. Certificate
would be much more preferred, while pre shared key will work fine as long as the
pre shared key is complex and you understand that it is possible to extract the
pre shared key from the machine as it is stored in clear text. When done with
your policy, assign them on each computer and use ipsecmon to see if the policy
works. See the link below for more info. --- Steve
http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp