IPSec on Domain Controllers and Trusted Domains

Posted by OneLogicalMyth on Server Fault See other posts from Server Fault or by OneLogicalMyth
Published on 2014-03-14T16:19:45Z Indexed on 2014/08/23 22:24 UTC
Read the original article Hit count: 266

I am looking at configuring IPSec as follows:

  • Isolation
  • Request authentication for inbound and outbound connections
  • Computer and user (Kerberos V5)

I am looking to do a blanket deployment across all servers and domain controllers. Workstations I will leave as not set.

What impact in terms of the domain controllers with the 2-way forest trust do think I would see?

Should I exclude the IP addresses of the trusted domain controllers?

I don't want to stop communication between the current and trusted forest, however I do want IPsec to be used within the current forest on all servers.

The trusted forest is running 2008 R2 and the current forest is 2012 R2.

© Server Fault or respective owner

Related posts about ipsec

Related posts about windows-server-2012-r2