IPSec is used to implement secure communications within a networking environment. If there are no other components within PKI that you wish to use, you should at least implement IPSec. It’s easy, there’s almost no overhead, and the benefits (although, hopefully unseen) can be huge. You can implement IPSec using the steps outlined below:

1. Begin by accessing Administrative Tools from the Start Menu. Select either Local Security Policy (for the standalone server or XP system) or Domain Policy (for the domain controller).

2. Select IP Security Policies.
3. Notice that on the right, there are three options.

For the Secure Server (required security) option: requiring IPSec for all remote connections

1. Double-click on the Secure Server option.

2. Click on the Add button, and Click Next twice.
3. Select Remote Access, and click on the Next button.
4. Select the All IP Traffic radio button, and click on the Next button
5. Click on the Require Security radio button and click on the Next button.
6. Click on the Next button again, and select Finish.
7. Double-click on the Secure Server option again.
8. One by one, delete all rules except for the one you just created.

For the Client (respond only) option: configuring for certificate-based authentication

1. Double-click on the Client (respond only) option

2. Double-click on the entry labeled
3. Select the Authentication Methods tab
4. Click on the Add button. Select the radio button entitled Use a Certificate from this Certification Authority (CA).
5. Your default CA should automatically be filled in. If it is blank, you’ll need to browse to the appropriate Certificate Server.
6. Click on the OK button three times.

[tags]diana huggins,windows server 2003,ipsec,administrative tools[/tags]