IPSEC between Unix servers and Windows XP client

Tags:
IPsec
IPsec VPN
Microsoft Windows XP
Unix Servers
Windows XP clients
Is there a way to set up IPSEC between Unix servers and Windows XP clients separated by a firewall in between?
Also, will it be possible to limit the ports on which an application hosted on a Unix server talks back to a Windows client sitting on the other side of the firewall by using IPSEC?


Implementing IPSec for Data Transfers between XP Clients and Unix Servers

Windows Powered NAS appliances can also use the IPSec integrated in Windows XP to provide enhanced protection of network data flowing across enterprise networks.

IPSec is a network protocol that was designed by the Internet Engineering Task Force (IETF) to provide IP packets with data authentication, integrity, confidentiality, and replay protection. IPSec is implemented at the IP Transport Layer, which enables a high level of protection for applications, services, and upper layer protocols such as TCP and UDP.

IPSec negotiations between the source and destination systems require mutual authentication before the exchange of secured data. Windows IPSec provides multiple methods of authentication to ensure compatibility with legacy systems, non-Windows-based systems, and remote computers.

In order to ensure that, for example, Company XYZ data remains encrypted during data transfers between client notebooks and Windows Powered NAS appliances, IPSec can be implemented in the Active Directory environment. The flexibility of IPSec can be utilized to assign different policies and levels of security for different computers and users. In addition, computers can be configured to accept or transmit data only if an IPSec secure channel can be established.

The amount of configuration required to enable IPSec will be minimized by using the default Windows IPSec authentication method: Kerberos v5. This is also the standard authentication protocol used between Windows 2000 systems that are members of an Active Directory domain. Company XYZ selected Kerberos authentication and domain trusts to simplify the management of IPSec configuration. If required in the future, certificates or pre-shared keys can be used for non-trusted domains or third-party interoperability.

To enforce the use of IPSec for all network communications between the company-owned notebooks and the Windows Powered NAS appliance without applying it to all other computers in the Active Directory domain, Company XYZ creates an organizational unit (OU) named Financial Systems that contains two child OUs: NAS and Notebooks. The NAS OU contains all appropriate Windows Powered NAS appliance computer objects. The Notebooks OU contains all appropriate notebook computer objects.

A Group Policy is created and linked to the NAS OU that sets configuration parameters for IPSec policy to require security. This will require that all IP traffic between the Windows Powered NAS appliances and clients use IPSec to encrypt network data transfers and will not allow any unsecured communication with non-trusted clients.

A second Group Policy is created and linked to the Notebooks OU that sets configuration parameters for IPSec policy to request security. This will allow computers in the Notebook OU to communicate normally with all other servers, but to use IPSec for network data transfers to the Windows Powered NAS appliances.

Hope this info may help you!
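As an added illustration of the "require security" versus "request security" split described in the answer above (example commands, not part of the original answer): the same kind of policy expressed as a local Windows XP SP2 `netsh ipsec static` policy, with a filter that restricts the secured traffic to one application port and blocks the rest, which covers the port-limiting part of the question. The server address 10.0.0.5, port TCP 8443 and the pre-shared key value are assumed placeholders.

```batch
@echo off
rem Added example, not from the original answer. Local IPsec policy on an
rem XP SP2 client; in a domain the same settings would live in a GPO.
rem Assumed placeholders: Unix server 10.0.0.5, application port TCP 8443.

rem Filter list 1: only the application port on the Unix server (both directions).
netsh ipsec static add filterlist name="App Port to Unix Server"
netsh ipsec static add filter filterlist="App Port to Unix Server" srcaddr=me dstaddr=10.0.0.5 protocol=TCP srcport=0 dstport=8443 mirrored=yes description="Client <-> server app port"

rem Filter list 2: everything else exchanged with that server.
rem Windows IPsec applies the most specific matching filter, so list 1 wins for port 8443.
netsh ipsec static add filterlist name="Other Traffic to Unix Server"
netsh ipsec static add filter filterlist="Other Traffic to Unix Server" srcaddr=me dstaddr=10.0.0.5 protocol=ANY mirrored=yes description="All other ports"

rem Filter actions.
rem Require security: no unsecured inbound (inpass=no) and no fallback to clear (soft=no).
netsh ipsec static add filteraction name="Require Security" action=negotiate inpass=no soft=no
rem Request security (the notebook-style policy in the answer): secure when the peer can,
rem otherwise fall back to clear text. Defined here for comparison; not used below.
netsh ipsec static add filteraction name="Request Security" action=negotiate inpass=yes soft=yes
rem Block: drop traffic that matches the filter.
netsh ipsec static add filteraction name="Block Traffic" action=block

rem Policy: require IPsec on the application port, block all other traffic with the server.
rem A Unix peer cannot use Windows Kerberos, so a pre-shared key is used here; with a CA,
rem certificate authentication (rootca=) is the stronger choice, as the answer notes.
netsh ipsec static add policy name="Unix Server Require Security" description="Require IPsec on app port, block the rest"
netsh ipsec static add rule name="App Port Require" policy="Unix Server Require Security" filterlist="App Port to Unix Server" filteraction="Require Security" kerberos=no psk="REPLACE-WITH-SHARED-SECRET"
netsh ipsec static add rule name="Other Ports Block" policy="Unix Server Require Security" filterlist="Other Traffic to Unix Server" filteraction="Block Traffic"

rem Assign (activate) the policy on this client.
netsh ipsec static set policy name="Unix Server Require Security" assign=yes
```

Run from an administrator command prompt on the XP SP2 client; `netsh ipsec static show all` lists the result. The Unix server needs a matching security policy requiring ESP on that port with the same authentication method, otherwise the negotiation fails and the application traffic is dropped rather than sent in clear.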
