Networking and Access Technologies

IPsec

Internet Protocol security (IPsec) is a framework of open standards for protecting communications over Internet Protocol (IP) networks through the use of cryptographic security services. IPsec supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. The Microsoft implementation of IPsec is based on standards developed by the Internet Engineering Task Force (IETF) IPsec working group.

IPsec is supported by the Microsoft Windows Vista, Windows Server 2008, Windows Server 2003, Windows XP, and Windows 2000 operating systems and is integrated with Active Directory Domain Services (AD DS). IPsec policies can be assigned through Group Policy, which allows IPsec settings to be configured at the domain, site, organizational unit, or security group level.

In Windows Vista and Windows Server 2008, you can configure IPsec behavior with the Windows Firewall with Advanced Security snap-in.

Windows Server 2008 Product Documentation

Introduction to Windows Firewall with Advanced Security
Learn about the business and technical benefits, key scenarios, and managing Windows Firewall with Advanced Security.
Windows Firewall with Advanced Security Design Guide
Learn how to design Windows Firewall with Advanced Security settings and rules that meet your goals for network security.
Windows Firewall with Advanced Security Deployment Guide
Learn how to deploy a Windows Firewall with Advanced Security design for your organization.
Step-by-Step Guide: Deploying Windows Firewall Policies
Learn how to deploy Active Directory Group Policy objects (GPOs) to configure Windows Firewall with Advanced Security in Windows Vista and Windows Server 2008.
Netsh Commands for IPsec Denial of Service Protection in Windows Server 2008 R2
This reference is about a new IPsec context in the Network Shell (netsh) command-line tool in Windows Server 2008 R2. The new Netsh context helps to protect IPv6-based Internet Protocol security (IPsec) computers on your network from denial-of-service (DoS) attacks.
Windows Firewall with Advanced Security Troubleshooting Guide: Diagnostics and Tools
Learn about common troubleshooting situations and the tools that you can use for troubleshooting.

Introductory Overviews

Internet Protocol Security for Microsoft Windows Server 2003
This white paper provides an overview of IPsec support in Windows Server 2003, including the benefits of using IPsec, common IPsec scenarios, the basics concepts of the IPsec deployment process, and how IPsec works.
How to Use IPsec to Help Secure Network Traffic
This TechNet Support WebCast describes how to use IPsec in Microsoft Windows to help secure network traffic.
Using IPsec for Network Protection: Part 1 of 2
This article in TechNet's Security Management column provides an introduction to IPsec operations.
Using IPsec for Network Protection: Part 2 of 2
This article in TechNet's Security Management column describes common IPsec scenarios.
IEEE 802.1X for Wired Networks and Internet Protocol Security with Microsoft Windows
This white paper compares the security and capabilities of 802.1X for wired networks and IPsec and their support in Windows Server 2003 and Windows XP.

Deployment Resources

Windows Firewall with Advanced Security Design Guide
Learn how to design Windows Firewall with Advanced Security settings and rules that meet your goals for network security.
Windows Firewall with Advanced Security Deployment Guide
Learn how to deploy a Windows Firewall with Advanced Security design for your organization.
Windows Server 2003 Deployment Kit: Deploying IPsec
This chapter of the Deploying Network Services book in the Microsoft Windows Server 2003 Deployment Kit contains guidelines and recommended processes for designing and deploying IPsec.
Active Directory in Networks Segmented by Firewalls
This white paper describes best practices for deploying Active Directory domain controllers in segmented networks and includes detailed procedures for configuring IPsec policies to protect Active Directory traffic between domain controllers on opposite sides of a firewall and recommended practices for managing IPsec policies that are assigned to domain controllers.
Server and Domain Isolation Using IPsec and Group Policy
This Solution Accelerator is designed to support a server and domain isolation solution through all stages of the IT life cycle.
Simplifying IPsec Policy with the Simple Policy Update
This article describes how the Simple Policy Update for Windows Server 2003 and Windows XP helps simplify IPsec policy in domain isolation scenarios.
Managing Intra-Windows Compatibility for IPsec
This white paper includes information about managing IPsec compatibility among the IPsec-capable Windows operating systems.

Windows Server 2003 Resources

Windows Server 2003 Product Documentation
This is the full set of product documentation for IPsec that is provided with Windows Server 2003.
Windows Server 2003 Deployment Kit: Deploying IPsec
This chapter of the Deploying Network Services book in the Microsoft Windows Server 2003 Deployment Kit contains guidelines and recommended processes for designing and deploying IPsec.
Windows Server 2003 Technical Reference: IPsec Technical Reference
This section of the Windows Server 2003 Technical Reference contains in-depth technical information about IPsec in Windows Server 2003.

Troubleshooting Resources

Windows Firewall with Advanced Security Troubleshooting Guide: Diagnostics and Tools
Learn about common troubleshooting situations and the tools that you can use for troubleshooting.
IPsec Troubleshooting Tools
This Windows Server 2003 Help and Support topic describes various tools, tasks, and techniques that you can use to gather information and troubleshoot IPsec connections.
IPsec Troubleshooting
This Windows Server 2003 Help and Support topic describes the most common problems you might encounter with IPsec. For each problem, the most probable causes and solutions are discussed.

Downloads

Microsoft IPsec Diagnostic Tool
This tool allows you to troubleshoot network communication issues, focusing on IPsec. It can be used with Windows Vista, Windows Server 2008, Windows XP, and Windows Server 2003.
IPsec Simple Policy Update for Windows Server 2003 and Windows XP
This update for Windows Server 2003 and Windows XP helps simplify the creation and maintenance of IPsec filters, reducing the number of filters that are required for a Server and Domain Isolation deployment. The Simple Policy Update removes the requirement for explicit network infrastructure permit filters and introduces enhanced fallback to clear behavior.

The Cable Guy Articles

L2TP/IPsec Client Updates

L2TP/IPsec NAT-T Update for Windows XP and Windows 2000
L2TP/IPsec NAT-T Update for Windows XP and Windows 2000 includes improvements to IPsec to better support virtual private network (VPN) clients behind NATs through support for IPsec NAT traversal.