IPSec policy on servers connected to 2 networks

 
 
Stuart

 
      11-18-2007, 05:08 PM
Hi. I am currently investigating how to set up an IPSec policy on a small
network (single domain) of ~20 Windows 2003 and 2000 servers and ~10 Windows
XP and 2000 workstations. Of the 20 servers, 5 of them are directly
connected to other networks via a second NIC; the IP address ranges of these
second network connections also vary.

If possible, can anyone advise how I can deploy a policy to enable IPSec on
the internal domain traffic while still allowing these 5 servers to continue
communicating to their second network in the clear? I'm comfortable with
setting up IPSec, it's how to handle the two network issue I'm stuck on.

Thanks,
Stuart.

 
 
 
 
 
Steve Riley [MSFT]

 
      11-20-2007, 03:20 AM
Except for when you indicate the interface type (all, LAN, or remote), the
IPsec engine doesn't care about interfaces -- it concerns itself only with
IP addresses and any rules that match those addresses.

What kind of policies do you want on the internal domain?


--
Steve Riley
(E-Mail Removed)
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com


"Stuart" <newsgroups> wrote in message
news:(E-Mail Removed)...
> Hi. I am currently investigating how to set up an IPSec policy on a small
> network (single domain) of ~20 Windows 2003 and 2000 servers and ~10
> Windows XP and 2000 workstations. Of the 20 servers, 5 of them are
> directly connected to other networks via a second NIC; the IP address
> ranges of these second network connections also vary.
>
> If possible, can anyone advise how I can deploy a policy to enable IPSec on
> the internal domain traffic while still allowing these 5 servers to
> continue communicating to their second network in the clear? I'm
> comfortable with setting up IPSec, it's how to handle the two network
> issue I'm stuck on.
>
> Thanks,
> Stuart.


 
 
Roger Abell [MVP]

 
      11-20-2007, 02:59 PM
Instead of defining your rules as to/from My Address, define
them using to/from IP of concern for the traffic type.

"Stuart" <newsgroups> wrote in message
news:(E-Mail Removed)...
> Hi. I am currently investigating how to set up an IPSec policy on a small
> network (single domain) of ~20 Windows 2003 and 2000 servers and ~10
> Windows XP and 2000 workstations. Of the 20 servers, 5 of them are
> directly connected to other networks via a second NIC; the IP address
> ranges of these second network connections also vary.
>
> If possible, can anyone advise how I can deploy a policy to enable IPSec on
> the internal domain traffic while still allowing these 5 servers to
> continue communicating to their second network in the clear? I'm
> comfortable with setting up IPSec, it's how to handle the two network
> issue I'm stuck on.
>
> Thanks,
> Stuart.
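
Added example (not part of any post in this thread): a small Python model of the address-based filter matching the two replies describe, comparing a "My Address <-> Any" rule with a rule scoped to the internal subnet on a dual-homed server. The subnets, host addresses and action names are constructed for illustration, and the model is a simplification with one rule per policy, not the Windows IPsec engine itself.

```python
import ipaddress

ME, ANY = "me", "any"  # symbolic endpoints, like "My IP Address" / "Any IP Address"

def endpoint_matches(spec, addr, local_addrs):
    """True if addr satisfies one side of a filter."""
    if spec == ANY:
        return True
    if spec == ME:
        # "My Address" covers every address bound to the host, on every NIC
        return addr in local_addrs
    return addr in ipaddress.ip_network(spec)

def filter_matches(flt, src, dst, local_addrs):
    """Mirrored filter: the packet may match in either direction."""
    a, b = flt
    fwd = endpoint_matches(a, src, local_addrs) and endpoint_matches(b, dst, local_addrs)
    rev = endpoint_matches(a, dst, local_addrs) and endpoint_matches(b, src, local_addrs)
    return fwd or rev

def classify(rules, src, dst, local_addrs):
    """Return the action of the matching rule, or 'clear' if none matches."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    local = {ipaddress.ip_address(a) for a in local_addrs}
    for flt, action in rules:
        if filter_matches(flt, src, dst, local):
            return action
    return "clear"  # no filter matched, so IPsec leaves the packet alone

# Constructed sample data: one dual-homed server (internal NIC + second NIC)
SERVER_ADDRS = ["10.0.0.5", "192.168.50.5"]
MY_ADDRESS_POLICY = [((ME, ANY), "negotiate")]
SUBNET_POLICY = [(("10.0.0.0/24", "10.0.0.0/24"), "negotiate")]

def compare():
    """Classify the same flows under both policies."""
    flows = {
        "internal": ("10.0.0.5", "10.0.0.9"),
        "second_net_out": ("192.168.50.5", "192.168.50.20"),
        "second_net_in": ("192.168.50.20", "192.168.50.5"),
    }
    return {
        name: (classify(MY_ADDRESS_POLICY, s, d, SERVER_ADDRS),
               classify(SUBNET_POLICY, s, d, SERVER_ADDRS))
        for name, (s, d) in flows.items()
    }

if __name__ == "__main__":
    for name, (my_addr, subnet) in compare().items():
        print(f"{name:15} My Address rule: {my_addr:10} subnet rule: {subnet}")
```

In this model the My Address rule pulls second-network traffic into negotiation in both directions, while the subnet-scoped rule protects only internal traffic and leaves the second network in the clear.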



 