IPSEC - Client Respond only - Two OUs - 2008r2
-
Thursday, July 19, 2012 8:28 PM
I was under the impression that if I set client respond only on a GPO it would respond to any machines wishing to communicate using either require or request security or any other security policies; I have only one assigned in each OU.
I have two OUs in a test lab. One OU is for clients and has client respond only. I have checked using RSoP that this has been applied and it has.
I have another OU with a custom rule set up to encrypt telnet. Between machines in the same OU I am able to connect, but from either clients in the client OU or from the domain controllers OU I get nothing.
What am I missing?
Thanks
All Replies
-
Friday, July 20, 2012 8:16 AM Moderator
Hi,
Thank you for the post.
I was under the impression that if I set client respond only on a GPO it would respond to any machines wishing to communicate using either require or request security or any other security policies; I have only one assigned in each OU.
Yes.
What am I missing?
IPSec has three policies (Server, Secure Server, Client). Server and Secure Server policies should be applied on servers to send/respond to IPSec-enabled traffic. Client policies should be applied on clients to only respond to IPSec-enabled traffic.
If you telnet to the client from the server, it's okay to send an IPSec request and receive an IPSec response. But if you telnet to the server from the client, the client just sends a non-IPSec request and gets a block response from the server. So the Client IPSec policy is named "response only" and servers are protected from IPSec policy.
http://technet.microsoft.com/en-us/library/cc786870(WS.10).aspx
If there are more inquiries on this issue, please feel free to let us know.
Regards
Rick Tan
TechNet Community Support
- Marked As Answer by Andrew Scratching His Head Saturday, July 21, 2012 4:06 PM
-
Saturday, July 21, 2012 4:06 PM
Thanks for the reply. I think I get it now?

