IPSec policy

Alice

I need to create an IPSec policy to allow a W2kPro domain
computer to communicate securely with a non-domain
W2kServer. It must communicate normally with all other
domain computers.
I have created a policy within AD U&C for the Pro computer
and I have created an identical local policy on the non-
domain server. Both are assigned. When I ping the server
from the pro station, the ping is normal and I have no
activity in the IPSec Monitor on either the DC or the non-
domain server. What am I missing?
 
Hi Alice,

I am not sure what your IPSec configuration is, but by default ping (ICMP) is
not in the default IPSec policy. Only IP protocol is. Try some other protocol.

What is your method of authentication between DCs and non domain computers?

Mike
 
Thanks for the response Mike,

The non-domain computer has no knowledge of any domain
resources except via IP.

For testing I am using a shared key.

I changed the protocol from TCP to Any and the ping test
worked, plus I saw activity in IPSec Monitor.

I also ran Netdiag /test:ipsec on both machines and they
are pulling the policy.

Is there anything else I can do to prove the policies are
working correctly?

Thanks!
 
Alice,

The only other thing you can do to "prove" it is to sniff the traffic...

My advice: use certificates for authentication. If this is not possible, use a
very long ... shared key (pass phrase)...

Mike
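Mike's suggestion to sniff the traffic raises the question of what to look for in the capture. The script below is an added example, not code from the thread or from Windows: it classifies raw IPv4 packets as IKE negotiation (UDP/500), ESP, AH, or plaintext, and flags any plaintext between the two hosts that are supposed to be protected while leaving traffic to other domain members alone. The sample "capture" is a handful of hand-constructed packets with placeholder addresses (192.0.2.x), not frames from Alice's network; in practice you would feed it the IP layer of each frame pulled out of a capture file. It also reproduces the symptom from the thread: a filter that only covers TCP lets ICMP through in the clear.

```python
"""Check a packet capture for IPsec protection between two peers.

Added example, not from the original thread. All packets below are
constructed by hand; addresses are RFC 5737 placeholders.
"""
import struct
from collections import Counter
from ipaddress import IPv4Address

PROTO_ICMP, PROTO_TCP, PROTO_UDP, PROTO_ESP, PROTO_AH = 1, 6, 17, 50, 51
IKE_PORT = 500  # ISAKMP/IKEv1, used by Windows 2000 to negotiate the SAs


def build_ipv4(src, dst, proto, payload):
    """Construct a minimal IPv4 packet: 20-byte header, no options, checksum zeroed."""
    total_len = 20 + len(payload)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                         IPv4Address(src).packed, IPv4Address(dst).packed)
    return header + payload


def classify(packet):
    """Return (src, dst, cls) for one IPv4 packet.

    cls is 'ike' (UDP/500 negotiation), 'esp' or 'ah' (protected traffic),
    or 'plain-<proto>' for anything the policy left in the clear.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    proto = packet[9]
    src = str(IPv4Address(packet[12:16]))
    dst = str(IPv4Address(packet[16:20]))
    if proto == PROTO_ESP:
        cls = "esp"
    elif proto == PROTO_AH:
        cls = "ah"
    elif (proto == PROTO_UDP and len(packet) >= ihl + 4
          and IKE_PORT in struct.unpack("!HH", packet[ihl:ihl + 4])):
        cls = "ike"
    else:
        names = {PROTO_ICMP: "icmp", PROTO_TCP: "tcp", PROTO_UDP: "udp"}
        cls = "plain-" + names.get(proto, str(proto))
    return src, dst, cls


def audit(packets, protected_pair):
    """Count packet classes per unordered host pair and report leaks.

    protected_pair: the two hosts whose traffic must be IPsec-protected.
    Returns (counts, leaks); leaks lists plaintext packets between them.
    Traffic involving any other host is counted but never treated as a leak,
    which matches the requirement that other domain members talk normally.
    """
    want = frozenset(protected_pair)
    counts = Counter()
    leaks = []
    for pkt in packets:
        src, dst, cls = classify(pkt)
        pair = frozenset((src, dst))
        counts[(pair, cls)] += 1
        if pair == want and cls.startswith("plain-"):
            leaks.append((src, dst, cls))
    return counts, leaks


# Constructed sample capture (placeholder addresses, not from the thread):
# Pro station, non-domain server, and one other domain member.
PRO, SERVER, OTHER = "192.0.2.10", "192.0.2.20", "192.0.2.30"
SAMPLE = [
    build_ipv4(PRO, SERVER, PROTO_UDP, struct.pack("!HHHH", 500, 500, 8, 0)),  # IKE
    build_ipv4(SERVER, PRO, PROTO_UDP, struct.pack("!HHHH", 500, 500, 8, 0)),  # IKE
    build_ipv4(PRO, SERVER, PROTO_ESP, bytes(16)),   # protected ping, "Any" filter
    build_ipv4(SERVER, PRO, PROTO_ESP, bytes(16)),
    build_ipv4(PRO, OTHER, PROTO_ICMP, bytes(8)),    # normal traffic to a domain member
    build_ipv4(PRO, SERVER, PROTO_ICMP, bytes(8)),   # what a "TCP only" filter lets through
]

if __name__ == "__main__":
    counts, leaks = audit(SAMPLE, (PRO, SERVER))
    for (pair, cls), n in sorted(counts.items(),
                                 key=lambda kv: (sorted(kv[0][0]), kv[0][1])):
        print(f"{' <-> '.join(sorted(pair)):35} {cls:12} {n}")
    print("LEAK:" if leaks else "OK: no plaintext between protected peers", leaks)
```

A capture that shows only IKE and ESP (or AH) between the two peers, and ordinary ICMP/TCP to everyone else, is the evidence the thread is after. Seeing ESP in the capture proves encapsulation is happening, not that the authentication is strong; that is why the advice above still applies to certificates versus a short shared key.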
 