Focus on Microsoft
Setting up IPSEC with servers in and out of a domain Nov 19 2007 06:11PM
Marty (skiandcave gmail com) (2 replies)
RE: Setting up IPSEC with servers in and out of a domain Nov 20 2007 05:32AM
Serge Vondandamo (serge vondandamo wanadoo fr)
Marty,

That is doable.
The conditions are that you will have to open the IPSEC ports on FWs on both
sides of the communication channel.

IKE on UDP 500, IP 50 or IP 51 depending on whether you are using AH or ESP
on the FWs at each side of the communication link.

If both servers are behind NAT devices the only ports you'll need will be
UDP 500 (IKE, ISAKMP) and UDP 4500 for NAT Traversal.

Be aware that the Cisco IPSEC implementation will require an additional port to
be open; I think it is TCP 10000.

Cheers,
Serge Vondandamo, HND, CCNA, CISSP

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
behalf of Marty
Sent: Monday, November 19, 2007 19:11
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Setting up IPSEC with servers in and out of a domain

Greetings list,

Has anyone had success with using IPSEC to encrypt traffic between a
server in a domain and a server not in a domain? If not, are there
any third party solutions out there that can do this?

Thanks in advance,
Marty

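Added example, not part of the original thread: a small audit that takes the allowances named in the reply above (UDP 500, IP protocol 50 for ESP, IP protocol 51 for AH, UDP 4500 behind NAT) and reports what each side's firewall is still missing. The `Allow` rule format, the function names and the sample rule sets are assumptions constructed for illustration; vendor-specific ports are not modeled.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set

# IANA IP protocol numbers: ESP is protocol 50, AH is protocol 51, UDP is 17.
ESP, AH, UDP = 50, 51, 17


@dataclass(frozen=True)
class Allow:
    """One 'allow' entry in a simplified, hypothetical firewall export."""
    proto: int                  # IP protocol number
    port: Optional[int] = None  # destination port (UDP entries only here)


def required(use_esp: bool, use_ah: bool, behind_nat: bool) -> Set[Allow]:
    """Allowances each firewall needs for the ports listed in the reply."""
    need = {Allow(UDP, 500)}            # IKE / ISAKMP, always needed
    if behind_nat:
        if use_ah:
            # AH covers the outer IP addresses, so NAT breaks its integrity check.
            raise ValueError("AH cannot cross NAT; use ESP with NAT traversal")
        need.add(Allow(UDP, 4500))      # NAT-T: ESP is carried inside UDP 4500
    else:
        if use_esp:
            need.add(Allow(ESP))
        if use_ah:
            need.add(Allow(AH))
    return need


def audit(firewalls: Dict[str, Set[Allow]], **scenario) -> Dict[str, Set[Allow]]:
    """Return, per firewall, the required allowances that are missing."""
    need = required(**scenario)
    return {name: need - allowed for name, allowed in firewalls.items()}


# Constructed sample rule sets for the two sides of the link.
SAMPLE = {
    "domain-side": {Allow(UDP, 500), Allow(ESP)},
    "standalone-side": {Allow(UDP, 500)},
}

if __name__ == "__main__":
    for nat in (False, True):
        gaps = audit(SAMPLE, use_esp=True, use_ah=False, behind_nat=nat)
        print("behind NAT" if nat else "no NAT", gaps)
```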
RE: Setting up IPSEC with servers in and out of a domain Nov 20 2007 12:20AM
Laura Robinson (geekwench hotmail com)


 

Copyright 2010, SecurityFocus