Click here to get back home

IPSec
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
IPSec John 09-12-2007
---> Re: IPSec Brian Komar09-12-2007
---> Re: IPSec Steve Riley [MS...09-13-2007
Posted by John on September 12, 2007, 6:33 pm
Please log in for more thread options
 Hi everyone,

Is it possible to make a computer in a workgroup to "talk" with a
server/computer that belongs to a domain using IPSec.

I'm not talking a bout VPN, both machines are in the same physical network
and authentication using certificates isn't a option, so all I can use is
Kerberos.



Posted by Brian Komar on September 12, 2007, 9:31 pm
Please log in for more thread options
 Not going to work. Computers in a workgroup do not do Kerberos
Your only two choices are shared secret or certificates
Why are certificates not an option?
Brian

> Hi everyone,
>
> Is it possible to make a computer in a workgroup to "talk" with a
> server/computer that belongs to a domain using IPSec.
>
> I'm not talking a bout VPN, both machines are in the same physical network
> and authentication using certificates isn't a option, so all I can use is
> Kerberos.
>


Posted by John on September 13, 2007, 7:02 pm
Please log in for more thread options
That's what I thought
I've been told that creating a IPSec policy and configuring that IPSec
policy in some servers in domain using only AH (Authentication Header) using
Kerberos authentication would work for comunication witrh XP machines not
members of the domain.
Does this sounds correct for you?
Thanks for your time.



> Not going to work. Computers in a workgroup do not do Kerberos
> Your only two choices are shared secret or certificates
> Why are certificates not an option?
> Brian
>
>> Hi everyone,
>>
>> Is it possible to make a computer in a workgroup to "talk" with a
>> server/computer that belongs to a domain using IPSec.
>>
>> I'm not talking a bout VPN, both machines are in the same physical
>> network and authentication using certificates isn't a option, so all I
>> can use is Kerberos.
>>
>



Posted by Steve Riley [MSFT] on September 13, 2007, 10:54 pm
Please log in for more thread options
Wow. Whoever is telling you this must be on some really good drugs!
Non-domain computers cannot do any kind of Kerberos communications at all.

--
Steve Riley
steve.riley@microsoft.com
http://blogs.technet.com/steriley
http://www.protectyourwindowsnetwork.com


> That's what I thought
> I've been told that creating a IPSec policy and configuring that IPSec
> policy in some servers in domain using only AH (Authentication Header)
> using Kerberos authentication would work for comunication witrh XP
> machines not members of the domain.
> Does this sounds correct for you?
> Thanks for your time.
>
>
>
>> Not going to work. Computers in a workgroup do not do Kerberos
>> Your only two choices are shared secret or certificates
>> Why are certificates not an option?
>> Brian
>>
>>> Hi everyone,
>>>
>>> Is it possible to make a computer in a workgroup to "talk" with a
>>> server/computer that belongs to a domain using IPSec.
>>>
>>> I'm not talking a bout VPN, both machines are in the same physical
>>> network and authentication using certificates isn't a option, so all I
>>> can use is Kerberos.
>>>
>>
>
>

Posted by John on September 15, 2007, 3:15 pm
Please log in for more thread options
eheheh...

Thank you for your time...
But we never know when something strange is possible, so is better to ask
than try to do stupid configurations.

;)

> Wow. Whoever is telling you this must be on some really good drugs!
> Non-domain computers cannot do any kind of Kerberos communications at all.
>
> --
> Steve Riley
> steve.riley@microsoft.com
> http://blogs.technet.com/steriley
> http://www.protectyourwindowsnetwork.com
>
>
>> That's what I thought
>> I've been told that creating a IPSec policy and configuring that IPSec
>> policy in some servers in domain using only AH (Authentication Header)
>> using Kerberos authentication would work for comunication witrh XP
>> machines not members of the domain.
>> Does this sounds correct for you?
>> Thanks for your time.
>>
>>
>>
>>> Not going to work. Computers in a workgroup do not do Kerberos
>>> Your only two choices are shared secret or certificates
>>> Why are certificates not an option?
>>> Brian
>>>
>>>> Hi everyone,
>>>>
>>>> Is it possible to make a computer in a workgroup to "talk" with a
>>>> server/computer that belongs to a domain using IPSec.
>>>>
>>>> I'm not talking a bout VPN, both machines are in the same physical
>>>> network and authentication using certificates isn't a option, so all I
>>>> can use is Kerberos.
>>>>
>>>
>>
>>



Similar ThreadsPosted
ipsec October 29, 2005, 4:21 am
OSX and Ipsec September 17, 2006, 11:14 pm
IPSec blocked my BDC July 6, 2005, 12:37 pm
IPSec Replication August 15, 2005, 4:55 am
two CA certificates for IPSec or something... September 17, 2005, 3:58 pm
IPSec NAT-T disabled on SP2 September 19, 2005, 12:11 pm
Problem with IPSEC July 17, 2006, 10:53 am
IPSec Filter August 31, 2006, 11:23 pm
IPSec and Kerberos September 27, 2006, 10:17 am
two CA certificates for IPSec or something... February 16, 2007, 1:57 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap