IPSec preshared key in transport mode (no tunnel) in Windows 2003/XP

Discussion in 'Windows Server' started by Vic Samarakoon, Sep 25, 2004.

  1. Hi,

    I have set up an ipsec policy on my lan using Win2K3 that
    gets applied using port 80 tcp traffic and Kerberos
    authentication. This is working fine - ie) Clients that
    are on the domain can access the website securely and
    those on a workgroup can't. However when I change the
    policy to use a preshared key, the same client on the
    domain can still access the site - nowhere have I entered
    a preshared key on the client domain computer. I should
    now be able to apply the shared key to the workgroup
    computer and have that access the site - however I can't
    find out where to type in the key. There is a spot under
    VPN connection to type in a preshared key - however I am
    not setting up a VPN tunnel. All the hosts are on the
    same subnet and I have only configured ipsec transport
    mode. I am not using PPTP/L2TP.

    Can somebody enlighten me on how to get the computer on
    the workgroup talking to the web server via ipsec?
     
    Vic Samarakoon, Sep 25, 2004
    #1
    1. Advertisements

  2. actually i think i was confused but everything seems to
    be ok now...
    As i understand the reason why I didn't have to type in
    the preshared key seperately in the domain computer was
    because it was picking up the group policy ipsec filter
    which does have the preshared key typed in as it was in
    the Default Domain Policy.

    And the workgroup computer was resolved as I didn't apply
    an ipsec filter locally. I was expecting a dialog box to
    pop up asking for my preshared key but realised that you
    have to apply an ipsec filter to the local computer and
    specify preshared key.

    It's all working as expected now...
     
    Vic Samarakoon, Sep 25, 2004
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.