How does domain isolation with Windows 2003 IPsec happen?

Subject: How does domain isolation with Windows 2003 IPsec happen?
Posted by:  Simon (xchen…@gmail.com)
Date: Tue, 28 Oct 2008

Hi all,

I have a question regarding implementing domain isolation with IPsec
support from Windows 2003 (or higher.)

From the examples online, you only need to join a few machines into
the domain and they are magically protected from outsider attacks and
eavesdropping. I am wondering how exactly this should be configured,
especially using a group policy distributed from the domain
controller.

How should I write this policy in the domain controller? The most
naive way is to list all the IP addresses of all the domain members in
a filter list, and apply a "secure" action to this filter. My question
is, what if a new computer joins the domain or someone leaves? Do I,
presumably the domain admin, need to reconfigure the filter list every
time?

Is there a better way of doing this? Or, can someone show me the
correct way of doing it?
Thanks a lot!

-Simon
