IPSec on heterogeneous environment - Win2k8, Vista, SLES, OpenSUSE
I am planning a deployment of the SDI solution proposed by MS
([url]http://www.microsoft.com/sdisolation[/url]) on an environment composed of:
- Win2k8: DCs
- SLES10: Virtualization hosts
- OpenSUSE: Firewall, www, File, Backup, SVN + others
I am wondering what the best architecture would be. My thoughts drove me to:
- IKE: Use Kerberos v5. Linux boxes are joined to the Windows Domain.
- Auth: Use ESP-null as my network is segmented and I will need to NAT IPSec.
- IPSec in transport mode.
- Policies: Windows systems get the policy from the DC while Linux systems
have the policy deployed locally (as far as I know I cannot distribute the
policy via GPO to Linux systems)
I am aiming to secure the whole network using IPSec. I have ~100 Vista
workstations joined to this Win2k8 domain. A few questions are:
- Does the scope seem feasible? I have never deployed an IPSec solution
- Do you smell any drawback?
Right now, I am driving a set of proofs of concept and your advice will be
more than useful.
Thanks in advance,
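Added example, not part of the original post: since the Linux boxes cannot take the policy from a GPO, each of them needs a locally deployed equivalent of what the Windows side negotiates (IKE authenticated with the host's Kerberos credentials, ESP in transport mode with null encryption so NAT-T still works). The script below generates that per-host policy as a setkey(8) SPD file plus a racoon.conf. It assumes the hosts run ipsec-tools (setkey + racoon) built with GSS-API support and a Linux setkey that accepts the `prio` keyword; the addresses, realm and host name are placeholders. One caveat it encodes: Kerberos-authenticated IKE needs a service ticket for the peer before any SA exists, so traffic to the KDC (and DNS) must be exempted from the "require" policy, otherwise the first host to get the policy can never talk to the DC to fetch the ticket.

```shell
#!/bin/sh
# Generator for the local IPsec policy of one SLES/OpenSUSE host.
# Assumptions (not from the original post): ipsec-tools with GSS-API support,
# Linux setkey with 'prio' support; all names and addresses are placeholders.

# gen_ipsec_policy HOST_IP PROTECTED_NET KDC_IP REALM HOST_FQDN OUTDIR
# Writes OUTDIR/setkey.conf and OUTDIR/racoon.conf; returns 0 on success.
gen_ipsec_policy() {
    host_ip="$1"; net="$2"; kdc_ip="$3"; realm="$4"; fqdn="$5"; outdir="$6"
    [ -n "$outdir" ] || return 1
    mkdir -p "$outdir" || return 1

    # --- SPD for setkey(8): transport mode, ESP mandatory for the segment ---
    cat > "$outdir/setkey.conf" <<EOF
flush;
spdflush;
# traffic to ourselves never needs an SA (avoid racoon negotiating with itself)
spdadd $host_ip/32 $host_ip/32 any -P out prio high none;
spdadd $host_ip/32 $host_ip/32 any -P in  prio high none;
EOF
    # bootstrap exemptions: Kerberos (88) and DNS (53) to the DC in the clear,
    # at higher priority than the catch-all 'require' entries below
    for port in 88 53; do
        for proto in udp tcp; do
            printf 'spdadd %s/32 %s/32[%s] %s -P out prio high none;\n' \
                "$host_ip" "$kdc_ip" "$port" "$proto"
            printf 'spdadd %s/32[%s] %s/32 %s -P in  prio high none;\n' \
                "$kdc_ip" "$port" "$host_ip" "$proto"
        done
    done >> "$outdir/setkey.conf"
    cat >> "$outdir/setkey.conf" <<EOF
# everything else with the protected network: ESP, transport mode, required
spdadd $host_ip/32 $net any -P out ipsec esp/transport//require;
spdadd $net $host_ip/32 any -P in  ipsec esp/transport//require;
EOF

    # --- racoon.conf: Phase 1 via Kerberos (GSS-API), Phase 2 ESP-null + HMAC ---
    cat > "$outdir/racoon.conf" <<EOF
remote anonymous {
    exchange_mode main;
    # ESP rather than AH was chosen so NAT traversal stays possible
    nat_traversal on;
    proposal_check obey;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        # authenticate with the host principal from the domain join keytab
        authentication_method gssapi_krb;
        gss_id "host/$fqdn@$realm";
        # Windows encodes the GSS-API identity as UTF-16LE
        gss_id_enc utf-16le;
        dh_group 2;
    }
}
sainfo anonymous {
    pfs_group 2;
    lifetime time 1 hour;
    # integrity only: null encryption keeps the payload visible to the firewall
    encryption_algorithm null_enc;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
}
EOF
}

# Helpers to sanity-check a generated SPD before loading it with 'setkey -f'.
spd_require_count() { grep -c 'esp/transport//require' "$1"; }
spd_exempt_count()  { grep -c ' none;' "$1"; }

# Stand-alone use: ./gen_policy.sh 10.0.1.20 10.0.0.0/16 10.0.0.10 EXAMPLE.COM fileserver.example.com /etc/ipsec-policy
if [ "$#" -eq 6 ]; then
    gen_ipsec_policy "$@"
fi
```

Load the result with `setkey -f setkey.conf` and point racoon at the generated racoon.conf; the Windows counterpart is the connection security rule the DC pushes (Kerberos authentication, ESP with null encryption, transport mode), which must agree on the DH group and hash or Phase 1 will fail before Kerberos is even consulted.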