Windows Server 2008


leobis🇮🇹

Windows 2008 and ipsec
Hello everybody,
in my lab network I would like to test ipsec to encrypt a telnet session between a workstation and server, both in the same domain. Since I am new with Windows Server 2008, I am a little bit puzzled on how to configure an ipsec rule, or better, connection security rules.
Below are the details about my lab network:
1 DC windows server 2008 sp1
1 Member server Windows 2008 sp1 (the telnet server)
1 workstation member Windows XP SP2 (the telnet client)
So my question is: is it possible to use telnet with ipsec between an XP client and a server running Windows 2008? If so, what are the steps to be taken?
Thanks in advance for your help
Leonardo



Dave Howe🇬🇧

Well, you have a number of choices.

IPSec is indeed native to Windows these days, and a site-to-site can be set up quite simply. Decent guide here:

http://www.enterprisenetworkingplanet.com/netsecur/article.php/3489911

You can also use PPTP for the same purpose.

However, if all you want is encrypted telnet, then you might want to consider using OpenSSH instead - that's encrypted telnet, plus some file transfer capabilities.

http://sshwindows.sourceforge.net/

This is much simpler, and you can use any ssh client (such as PuTTY) or scp/sftp client (such as WinSCP or FileZilla) along with either normal Windows usernames/passwords or, if you wish, RSA certificates.

leobis🇮🇹

ASKER

Hi Dave,
and thanks for your reply, but the reason why I am trying to configure a Windows XP SP3 to use ipsec communications in a Windows Server 2008 scenario is for a better understanding of the new Windows firewall rules and the connection security rules.
So far I have succeeded in making ipsec connections between a Vista and windows 2008 server but I am still experiencing some problems between xp pro sp3 and windows 2008 server.
Anyhow thanks again for your reply
Leonardo

Dave Howe🇬🇧

Are you getting any errors in the logs while establishing the tunnel?



ASKER CERTIFIED SOLUTION
leobis🇮🇹

ASKER


Dave Howe🇬🇧

It's possible that the firewall rules are being performed on egress, rather than on the decrypted traffic - so you would need to permit ipsec packets, not tcp/23 (telnet).

This is UDP port 500 (aka IKE) and IP protocol 50 (ESP) - note however that ESP is an IP protocol at the same level as TCP or UDP, not a port within either of those protocols; this can be awkward to specify in firewalls. With many, your only recourse is to specifically block ICMP, TCP and UDP (all any->any), then allow "any" as a protocol.
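The point in the reply above, shown at packet level as an added example that is not part of the original thread: a filter that sees the encrypted traffic can only match on the IP protocol number for ESP, so a tcp/23 rule never applies to it. The packets, addresses, rule lists and function names are constructed for illustration.

```python
import struct

ESP, TCP, UDP = 50, 6, 17  # IANA IP protocol numbers

def ipv4(proto, payload, src="10.0.0.5", dst="10.0.0.10"):
    """Build a minimal IPv4 packet (checksum left at 0; constructed sample data)."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      0, 0, 64, proto, 0, addr(src), addr(dst))
    return hdr + payload

def classify(pkt):
    """Return (protocol number, destination port or None) as a packet filter sees it."""
    ihl = (pkt[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = pkt[9]                     # protocol field of the IPv4 header
    if proto in (TCP, UDP):
        # Only TCP and UDP carry ports: destination port is bytes 2-3 of their header.
        return proto, struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return proto, None                 # ESP starts with SPI + sequence number, no port

def permitted(pkt, rules):
    """Allow list: a rule is (proto, dport); dport None means the rule has no port."""
    proto, dport = classify(pkt)
    return any(p == proto and (d is None or d == dport) for p, d in rules)

# Constructed samples: cleartext telnet, an IKE datagram, and an ESP packet
# (whose encrypted payload would be the telnet segment).
telnet = ipv4(TCP, struct.pack("!HH", 1025, 23) + b"\x00" * 16)
ike = ipv4(UDP, struct.pack("!HHHH", 500, 500, 8, 0))
esp = ipv4(ESP, struct.pack("!II", 0x1000, 1) + b"\xAA" * 24)

TELNET_ONLY = [(TCP, 23)]             # rule written for the inner traffic
IPSEC = [(UDP, 500), (ESP, None)]     # rules for what is actually on the wire

if __name__ == "__main__":
    for name, pkt in (("telnet", telnet), ("ike", ike), ("esp", esp)):
        print(name, classify(pkt),
              "telnet-only:", permitted(pkt, TELNET_ONLY),
              "ipsec:", permitted(pkt, IPSEC))
```

With the telnet-only rule set, both the IKE negotiation and the ESP packets are dropped, which matches the symptom of a tunnel that never establishes.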


Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.