IpSec configuration with certification authentification

[Guest]

We are working on securing our backup network and having difficulties to use
the certification based authentification in IPSec.

We want to set up an authentification where only those servers that own our
certificate will be able to connect to our Legato server.

The system has to be low maintenance and should work without requiring
password authentification. The ownership of the certificate should allow the
servers to connect.

Is it possible to setup this type of authentification using IPSec ?
Is there a MS document that helps to setup the configuration ?

 

[Steve Riley [MSFT]]

Create your own Windows certificate authority. Enterprise is best because
that way you can configure auto-enrollment for machines (and even users on
Windows Server 2003). Issue computer certificates to all the machines in
question. Configure the rules in your IPsec policies to use certificate-based
authentication.

http://www.microsoft.com/windowsserver2003/technologies/networking/ipsec/default.mspx

Steve Riley
(e-mail address removed)