IPSec from one network segment to a second segment

Posted on 2005-04-12
Last Modified: 2013-12-04
I have been tasked with finding a way to set up an IPSec tunnel from one network segment to another network segment.  I have 300+ machines (WinXP, and 2000) on one segment, and 6 (Server 2003) on the other segment.  There is a firewall between the segments with only ports TCP 50, TCP 51, and UDP 500 open.  I have been told that you can then tunnel through that with IPSec to initiate communication from Windows XP, and 2000 to the Server 2003 servers on the other side.  

Does anyone know how to do this, or of a site that details this?  
Do I need a router on either side?  Can it be done without a router?

Thanks for any help.

Question by:JKandG
    LVL 38

    Accepted Solution


    Author Comment

    They want this done without using VPN.  This would be a direct computer to server connection.  I don't want the users to have to launch VPN to get to the file server.  

    Also, (I did not say this before) the 2 networks are in the same building.  

    LVL 12

    Assisted Solution

    What kind of firewall/VPN device do you have?

    This is a typical config:

    Network A -----------FW/VPN ------- Network B (Servers)

    Enable IPSec VPN rules on your firewall/VPN and use VPN client software on each of the 300 XP/2000 systems in Network A (where each system has the VPN client launch on boot or logon). They VPN to the FW, have specific rights to the 6 servers on Network B, and then they can access each specific server in Network B with IPSec encryption, and they are authenticated.

    If you want to use IPSec on each specific server (not recommended), follow this guide:
    LVL 38

    Expert Comment

    by:Rich Rumble
    The links I provided show you how to set up IPSEC tunneling on win2k or xp. IPSEC is built into win2k and later natively, and can be deployed using AD or by copying the xxx.ipsec file to the machines and assigning them.
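    The "build a policy, export the .ipsec file, copy and assign" workflow mentioned above, written out as an added example for this thread (it is not from any poster or linked guide). It uses the `netsh ipsec static` context that ships with Windows XP and Server 2003; Windows 2000 does not have it and uses ipsecpol.exe from its Resource Kit instead. The server subnet, mask and policy name are constructed placeholders. Two points worth checking against the question: this is host-to-host transport-mode IPsec, which needs no router or tunnel endpoint between the segments, and ESP and AH are IP protocols 50 and 51 rather than TCP ports, so the firewall has to pass IP protocol 50 plus UDP 500 (IKE) for the negotiation and the protected traffic to get through.

```batch
@echo off
rem Added example for this thread (not from any poster). Builds a Windows XP /
rem Server 2003 IPsec policy with "netsh ipsec static" that requires ESP for all
rem traffic to the server segment, exports it to a .ipsec file for distribution,
rem and shows the import/assign step run on each client.
rem Windows 2000 lacks "netsh ipsec"; use ipsecpol.exe from its Resource Kit there.

rem --- Assumed (constructed) values: replace with your own ---
set SERVER_NET=10.0.1.0
set SERVER_MASK=255.255.255.0
set POLICY=SegmentA-to-Servers

rem 1. Policy container. Main-mode settings stay at their defaults.
netsh ipsec static add policy name="%POLICY%" description="Require ESP to the server segment"

rem 2. Filter list: this host ("me") to the server subnet, any protocol,
rem    mirrored so the reply direction matches the same rule.
netsh ipsec static add filterlist name="ServerSegment"
netsh ipsec static add filter filterlist="ServerSegment" srcaddr=me dstaddr=%SERVER_NET% dstmask=%SERVER_MASK% protocol=ANY mirrored=yes

rem 3. Filter action: negotiate ESP with 3DES/SHA1 (the strongest this platform
rem    offers), no fall-back to clear text (soft=no), no unsecured inbound (inpass=no).
netsh ipsec static add filteraction name="RequireESP" action=negotiate qmsecmethods="ESP[3DES,SHA1]" inpass=no soft=no

rem 4. Rule that ties the filter list and action into the policy; peers
rem    authenticate with domain Kerberos, so no shared secrets are stored.
netsh ipsec static add rule name="ServersRequireESP" policy="%POLICY%" filterlist="ServerSegment" filteraction="RequireESP" kerberos=yes

rem 5. Export the policy (the .ipsec file referred to in the thread), then assign
rem    it on this machine.
netsh ipsec static exportpolicy file="%POLICY%.ipsec"
netsh ipsec static set policy name="%POLICY%" assign=yes

rem --- On each client, after copying the .ipsec file: import and assign ---
rem netsh ipsec static importpolicy file="%POLICY%.ipsec"
rem netsh ipsec static set policy name="%POLICY%" assign=yes

rem Verify: the policy should be listed as assigned; once traffic flows to a
rem server, quick-mode SAs appear for that peer.
netsh ipsec static show policy name="%POLICY%" level=verbose
netsh ipsec dynamic show qmsas
```

    The six servers need a complementary policy (same filter action, a filter from "me" to the client segment) or negotiation never completes, and with soft=no the clients will then be unable to reach them at all; test with one client and one server before rolling the file out to 300 machines. In a domain the same policy can be attached to a GPO and assigned to the client and server OUs instead of copying the file by hand.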
