The quote relates to when you are using Kerberos as the method to set up the secure connection (ISAKMP). If you use certificates then IPSec can be used end-to-end between clients/member servers and DCs.

Aric

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tony Murray

Hi Phil

Here's the text I was referring to:

Currently, we do not support using IPSec to encrypt network traffic from a domain member server to a domain controller when you apply the IPSec policies by using Group Policy or when you use the Kerberos authentication method.

The goal with IPSec is to encrypt the traffic between the two sides and with the scenario described below you would need Kerberos authentication. Or have I missed something?

Tony

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Phil Renouf

Did I miss something in that article? I don't see where it says client > DC via IPSec is not supported; just that you can't encrypt Kerberos traffic.

Phil

On 9/7/05, Tony Murray <[EMAIL PROTECTED]> wrote:

> If you absolutely HAVE to then I would prefer to look at using IPSec for communication between the Sharepoint box and your DC's

IPSec would be good, but it isn't supported between member servers and DCs.

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q254949

Tony

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Phil Renouf

I would look at putting the Sharepoint server on the internal network and deploy an ISA server in the DMZ and use Web Publishing or Server Publishing to get your external clients access to the site.

If you want to open access from the DMZ to your AD

If you absolutely HAVE to then I would prefer to look at using IPSec for communication between the Sharepoint box and your DC's. That leaves you only needing the IPSec port open and not the very large number of ports to support AD communication.

Phil

On 9/7/05, Jason B <[EMAIL PROTECTED]> wrote:

Because this will be a sharepoint server for clients. Regardless, that

This e-mail message has been scanned for Viruses and Content and cleared by NetIQ MailMarshal at Gen-i Limited
