Normally L2TP is used for remote access VPN and requires an RRAS server and
machine certificates for client and server. Assuming you are talking about a
domain, IPsec is implemented via security policy with either a client, request,
or require policy depending on your needs. Usually servers have a require or
request policy and clients use the client/respond policy. For servers in a
domain that you want to have a request/require policy, you may want to put them
in their own OU and configure the policy via GPO for the OU. Then you could
configure the client policy the same way or at the domain level. Microsoft does
not support IPsec negotiation between domain members and domain controllers, so
you would want to modify your policies to exempt domain controllers based on
their IP addresses. Be sure to test out any IPsec policies thoroughly ahead of
time before implementing.

--- Steve
http://support.microsoft.com/?kbid=254949
http://support.microsoft.com/default.aspx?scid=kb;en-us;301284
http://www.microsoft.com/windows2000/techinfo/planning/security/ipsecsteps.asp
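
The domain controller exemption described in the post above, as an added example that is not part of the original post: a `netsh ipsec static` script that builds a request-security policy in the local store, left unassigned for testing, with a permit rule for the DC addresses. It assumes Windows Server 2003 or later, where the `netsh ipsec` context exists; the policy, filter list and rule names and the two 192.0.2.x addresses are constructed placeholders.

```batch
@echo off
rem Added example: all names and the 192.0.2.x addresses are constructed placeholders.
rem The policy is created in the local store and NOT assigned, so it can be
rem reviewed and tested before it is put into a GPO.
set POLICY=Request-Sec-DC-Exempt

netsh ipsec static add policy name="%POLICY%" description="Request security, domain controllers exempt" assign=no

rem Filter list 1: traffic between this machine and each domain controller.
rem One mirrored filter per DC address; replace the placeholders with real DC IPs.
netsh ipsec static add filterlist name="Domain Controllers"
netsh ipsec static add filter filterlist="Domain Controllers" srcaddr=Me dstaddr=192.0.2.10 description="DC1 (placeholder)" protocol=ANY mirrored=yes
netsh ipsec static add filter filterlist="Domain Controllers" srcaddr=Me dstaddr=192.0.2.11 description="DC2 (placeholder)" protocol=ANY mirrored=yes

rem Filter list 2: all other IP traffic to and from this machine.
netsh ipsec static add filterlist name="All IP Traffic"
netsh ipsec static add filter filterlist="All IP Traffic" srcaddr=Me dstaddr=Any description="Everything else" protocol=ANY mirrored=yes

rem Filter actions: plain permit for the DCs, negotiate with fallback for the rest.
rem soft=yes allows fallback to unsecured traffic (request behaviour);
rem inpass=yes accepts unsecured inbound traffic but answers with IPsec.
netsh ipsec static add filteraction name="Permit DC" action=permit
netsh ipsec static add filteraction name="Request Security" action=negotiate inpass=yes soft=yes qmsecmethods="ESP[3DES,SHA1]"

rem Rules: the DC filters name specific addresses, so they are more specific
rem than Me<->Any and are matched first.
netsh ipsec static add rule name="Exempt DCs" policy="%POLICY%" filterlist="Domain Controllers" filteraction="Permit DC"
netsh ipsec static add rule name="Request for all else" policy="%POLICY%" filterlist="All IP Traffic" filteraction="Request Security" kerberos=yes

rem Review the result before assigning the policy anywhere.
netsh ipsec static show policy name="%POLICY%" level=verbose
```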