Using IPSec to Encrypt IP Traffic
Topic Last Modified: 2005-05-25
Windows 2000 supports Internet Protocol security (IPSec), which is an Internet standard that allows a server to encrypt any IP traffic, except traffic that uses broadcast or multicast IP addresses. Generally, you use IPSec to encrypt HTTP traffic; however, you can also use IPSec to encrypt Lightweight Directory Access Protocol (LDAP), RPC, POP, and IMAP traffic. With IPSec you can:
Configure two servers running Windows 2000 to require trusted network access.
Transfer data that is protected from modification (using a cryptographic checksum on every packet).
Encrypt any traffic between the two servers at the IP layer.
In a front-end and back-end topology, you can use IPSec to encrypt traffic between the front-end and back-end servers that would otherwise not be encrypted. For more information about configuring IPSec with firewalls, see Microsoft Knowledge Base article 233256, "How to Enable IPSec Traffic Through a Firewall."