IPsec
Internet Protocol security (IPsec) is a framework of open standards for protecting communications over Internet Protocol (IP) networks through the use of cryptographic security services. IPsec supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. The Microsoft implementation of IPsec is based on standards developed by the Internet Engineering Task Force (IETF) IPsec working group.
IPsec is supported by the Microsoft Windows Vista, Windows Server 2008, Windows Server 2003, Windows XP, and Windows 2000 operating systems and is integrated with the Active Directory directory service. IPsec policies can be assigned through Group Policy, which allows IPsec settings to be configured at the domain, site, or organizational unit level.
Introductory Overviews
Deployment Resources
- Active Directory in Networks Segmented by Firewalls
  This white paper describes best practices for deploying Active Directory domain controllers in segmented networks and includes detailed procedures for configuring IPsec policies to protect Active Directory traffic between domain controllers on opposite sides of a firewall and recommended practices for managing IPsec policies that are assigned to domain controllers.
- Server and Domain Isolation
  A server and domain isolation solution based on Windows IPsec and Active Directory enables administrators to dynamically segment their Windows environment into more secure and isolated logical networks based on policy and without costly changes to their network infrastructure or applications.
- Simplifying IPsec Policy with the Simple Policy Update
  This article describes how the Simple Policy Update for Windows Server 2003 and Windows XP helps simplify IPsec policy in domain isolation scenarios.
- Managing Intra-Windows Compatibility for IPsec
  This white paper includes information about managing IPsec compatibility among the IPsec-capable Windows operating systems.
Troubleshooting Resources
- IPsec Troubleshooting Tools
  This Windows Server 2003 Help and Support topic describes various tools, tasks, and techniques that you can use to gather information and troubleshoot IPsec connections.
- IPsec Troubleshooting
  This Windows Server 2003 Help and Support topic describes the most common problems you might encounter with IPsec. For each problem, the most probable causes and solutions are discussed.
- Troubleshooting IPsec
  Chapter 7 of the Server and Domain Isolation guide provides a 3-tier support structure and troubleshooting procedure for investigating IKE negotiation failures, IPsec communication issues, and potential issues with Group Policy and IPsec policy management.
Downloads
- Microsoft IPsec Diagnostic Tool
  This tool allows you to troubleshoot network communication issues, focusing on IPsec. It can be used with Windows Vista, Windows Server 2008, Windows XP, and Windows Server 2003.
- IPsec Simple Policy Update for Windows Server 2003 and Windows XP
  This update for Windows Server 2003 and Windows XP helps simplify the creation and maintenance of IPsec filters, reducing the number of filters that are required for a Server and Domain Isolation deployment. The Simple Policy Update removes the requirement for explicit network infrastructure permit filters and introduces enhanced fallback to clear behavior.
TechNet Cable Guy Articles
Additional Resources
L2TP/IPsec Client Updates
- L2TP/IPsec NAT-T Update for Windows XP and Windows 2000
  L2TP/IPsec NAT-T Update for Windows XP and Windows 2000 includes improvements to IPsec to better support virtual private network (VPN) clients behind NATs through support for IPsec NAT traversal.
- Microsoft L2TP/IPsec VPN Client
  The Microsoft Layer Two Tunneling Protocol (L2TP)/IPsec VPN Client allows computers running Windows 98, Windows Me, and Windows NT Workstation 4.0 to use L2TP connections with IPsec.
Community
Frequently Asked Questions
Related Web Sites