IPSec - Network


  1. IPSec

    Hi, I am trying to set up IPSec on Server 2k3 to require a certificate on all
    IP traffic, the problem is after I install the IPSec certificates issued by
    my own CA, and create the rule requiring the certificates, the server cannot
    negotiate the security... perchance there be a well written tutorial for
    implementing certificates and requiring them for all traffic...


  2. RE: IPSec

    Do you get any form of errors? If you change it from using certificates to
    using a pre-assigned key does it work? I guess what I am trying to get at
    is, where is the issue? With the certificate or is it potentially with the
    network and the protocols that are being used?

    "Ghost Writer" wrote:

    > Hi, I am trying to set up IPSec on Server 2k3 to require a certificate on all
    > IP traffic, the problem is after I install the IPSec certificates issued by
    > my own CA, and create the rule requiring the certificates, the server cannot
    > negotiate the security... perchance there be a well written tutorial for
    > implementing certificates and requiring them for all traffic...
    >


  3. RE: IPSec

    It is the certificate. It works with the PSK and with Kerberos (Active
    Directory) but I want to figure out why it won't work with a certificate.
    Thanks!

    "ribst" wrote:

    > Do you get any form of errors? If you change it from using certificates to
    > using a pre-assigned key does it work? I guess what I am trying to get at
    > is, where is the issue? With the certificate or is it potentially with the
    > network and the protocols that are being used?
    >
    > "Ghost Writer" wrote:
    >
    > > Hi, I am trying to set up IPSec on Server 2k3 to require a certificate on all
    > > IP traffic, the problem is after I install the IPSec certificates issued by
    > > my own CA, and create the rule requiring the certificates, the server cannot
    > > negotiate the security... perchance there be a well written tutorial for
    > > implementing certificates and requiring them for all traffic...
    > >


  4. Re: IPSec

    Try the tutorial below:

    http://technet2.microsoft.com/Window...d7fba1033.mspx

    Here are some links with additional information:

    http://technet2.microsoft.com/window...ies/ipsec.mspx
    http://www.microsoft.com/technet/pro...o/ispstep.mspx
    http://www.microsoft.com/technet/net.../ipsecfaq.mspx
    http://www.microsoft.com/technet/sec.../ipsecapa.mspx

    I hope this helps.

    --
    Greg Lindsay [MSFT]

    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.

    "Ghost Writer" wrote in message
    news:0525DD36-6370-4CDB-BB66-D0E23C9B9411@microsoft.com...
    > Hi, I am trying to set up IPSec on Server 2k3 to require a certificate on all
    > IP traffic, the problem is after I install the IPSec certificates issued by
    > my own CA, and create the rule requiring the certificates, the server cannot
    > negotiate the security... perchance there be a well written tutorial for
    > implementing certificates and requiring them for all traffic...
    >




  5. Re: IPSec

    There are very detailed guides for deploying IPsec using Kerberos and/or
    Certificates, called 'Server and Domain Isolation' linked at the following
    site:
    http://www.microsoft.com/technet/net...o/default.mspx

    Chapter 7 of the Domain Isolation whitepaper covers IPsec troubleshooting in
    depth.
    http://www.microsoft.com/technet/sec.../ipsecch7.mspx

    You can enable logon/account logon success/failure auditing to generate 547
    event id errors in the security log for failed IPsec negotiations.
    To get even more detailed information, you can also enable Oakley logging to
    track each step of the IKE negotiation process.
    http://support.microsoft.com/kb/257225/en-us

    Jason



    "Greg Lindsay [MSFT]" wrote in message
    news:e%23CQE1DYHHA.1388@TK2MSFTNGP05.phx.gbl...
    > Try the tutorial below:
    >
    > http://technet2.microsoft.com/Window...d7fba1033.mspx
    >
    > Here are some links with additional information:
    >
    > http://technet2.microsoft.com/window...ies/ipsec.mspx
    > http://www.microsoft.com/technet/pro...o/ispstep.mspx
    > http://www.microsoft.com/technet/net.../ipsecfaq.mspx
    > http://www.microsoft.com/technet/sec.../ipsecapa.mspx
    >
    > I hope this helps.
    >
    > --
    > Greg Lindsay [MSFT]
    >
    > Disclaimer: This posting is provided "AS IS" with no warranties, and
    > confers no rights.
    >
    > "Ghost Writer" wrote in message
    > news:0525DD36-6370-4CDB-BB66-D0E23C9B9411@microsoft.com...
    >> Hi, I am trying to set up IPSec on Server 2k3 to require a certificate on all
    >> IP traffic, the problem is after I install the IPSec certificates issued by
    >> my own CA, and create the rule requiring the certificates, the server cannot
    >> negotiate the security... perchance there be a well written tutorial for
    >> implementing certificates and requiring them for all traffic...
    >>

    >
    >
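Added example, not part of the thread: once auditing is producing the event 547 records mentioned in the last reply, a short script can group the failures by peer and failure reason, which helps answer the earlier question of whether the problem lies with the credential or with the network. The event text layout, the sample events and the triage buckets below are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed layout of an event 547 description: a " Label:" line followed by
# its value line(s). Spacing in a real export may differ.
TEMPLATE = (
    "IKE security association negotiation failed.\n"
    " Mode:\nKey Exchange Mode (Main Mode)\n"
    " Filter:\nSource IP Address 10.0.0.5\nDestination IP Address {dst}\n"
    " Failure Point:\n{point}\n"
    " Failure Reason:\n{reason}\n"
)
# Constructed sample events; addresses and reasons are illustrative.
SAMPLE_EVENTS = [TEMPLATE.format(dst=d, point=p, reason=r) for d, p, r in [
    ("10.0.0.9", "Me", "IKE authentication credentials are unacceptable"),
    ("10.0.0.9", "Me", "IKE authentication credentials are unacceptable"),
    ("10.0.0.12", "Peer", "Negotiation timed out"),
]]
# Hypothetical triage buckets: keywords in the failure reason -> area to check.
BUCKETS = [("credential", ("credentials", "certificate")),
           ("policy", ("policy",)),
           ("connectivity", ("timed out",))]

def parse_event(text):
    """Return {label: value} for each ' Label:' section of one description."""
    fields, label = {}, None
    for line in text.splitlines():
        m = re.fullmatch(r" ([A-Za-z ]+):\s*", line)
        if m:
            label = m.group(1)
            fields[label] = []
        elif label:
            fields[label].append(line.strip())
    return {k: "\n".join(v) for k, v in fields.items()}

def bucket(reason):
    low = reason.lower()
    return next((n for n, words in BUCKETS if any(w in low for w in words)), "other")

def summarize(events):
    """Count failures per (destination, failure point, bucket)."""
    counts = Counter()
    for f in map(parse_event, events):
        dst = re.search(r"Destination IP Address (\S+)", f.get("Filter", ""))
        key = (dst.group(1) if dst else "?", f.get("Failure Point", "?"),
               bucket(f.get("Failure Reason", "")))
        counts[key] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_EVENTS).most_common():
        print(n, *key)
```

A peer that fails only in the credential bucket while PSK or Kerberos rules succeed against it points at the certificate setup rather than the network path.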


