Automate IPSEC Domain/Network Isolation implementation in a blended environment
Thank you for taking time to review this post.
We have been tasked to implement Domain Isolation using IPSEC to secure the departmental server resources. The environment is a large campus area network. Picture a large college campus, hospital, or other enterprise network with multiple departments on the same "network".
Number of servers: ~75
Number of users: ~1200
The environment has the following OS(s):
XP, WIN7, WIN8, W2K3, W2K8, W2K8R2, W2K12, W2K12R2, OSX (mac)
My colleague's question: Is there a way to incorporate Mac, XP, Win7, various server OS(s) all together for an automated deployment? Realizing the >Vista machines can be deployed by GPO, we are struggling with how to do so with the XP and MACs.
My colleague and I have spent quite some time researching this to no avail.
I appreciate any guidance.
Regards,
Bob
We have been tasked to implement Domain Isolation using IPSEC to secure the departmental server resources. The environment is a large campus area network. Picture a large college campus, hospital, or other enterprise network with multiple departments on the same "network".
Number of servers: ~75
Number of users: ~1200
The environment has the following OS(s):
XP, WIN7, WIN8, W2K3, W2K8, W2K8R2, W2K12, W2K12R2, OSX (mac)
My colleague's question: Is there a way to incorporate Mac, XP, Win7, various server OS(s) all together for an automated deployment? Realizing the >Vista machines can be deployed by GPO, we are struggling with how to do so with the XP and MACs.
My colleague and I have spent quite some time researching this to no avail.
I appreciate any guidance.
Regards,
Bob
Rich,
Thanks for the reply. I am unfortunately hindered by the fact that I am coming into this late in the game and am not the principal in this initiative. With that said...
I am pretty sure that OS 10.9 can be managed directly by AD (from what I have read). Again not being the principal in this I have now way of testing to verify the solution.
There are 3rd party AD plugins which claim to integrate the MACs. Perhaps that will be the solution.
Again thanks for the reply.
Regards,
Bob
Thanks for the reply. I am unfortunately hindered by the fact that I am coming into this late in the game and am not the principal in this initiative. With that said...
I am pretty sure that OS 10.9 can be managed directly by AD (from what I have read). Again not being the principal in this I have now way of testing to verify the solution.
There are 3rd party AD plugins which claim to integrate the MACs. Perhaps that will be the solution.
Again thanks for the reply.
Regards,
Bob
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I do remember that there are some limitations in Vista and 2008, but not win7/win8, when it comes to NAT+IPSEC
http://support.microsoft.com/kb/926179
I have configured Linux/Unix hosts to talk to windows IPSEC host's using certificates and preshared keys, but I don't think it worked when we tried to use kerberos tickets.
http://msdn.microsoft.com/en-us/library/dd314176%28v=ws.10%29.aspx
-rich