You want to protect traffic between your front- and back-end servers by using IPsec.
To create a new IPsec policy for HTTP, POP, and IMAP on the front-end server, do the following:
Log on to the front-end server with an account that has administrative privileges.
Open the Microsoft Management Console (mmc.exe).
From the menu select File→ Add/Remove Snap-In. When the Add Standalone Snap-in dialog box appears, click the Add button.
Select the group policy snap-in from the list (Group Policy Object Editor on Windows 2000, Group Policy on Windows 2003) and click the Add button.
The Select Group Policy Object dialog box appears. Make sure the Group Policy Object field says Local Computer, and click Finish.
Click Close and click OK to return to the management console.
Expand the IPsec policy object, which is located under Local Computer Policy→ Computer Configuration→ Windows Settings→ Security Settings→ IP Security Policies on Local Computer.
Right-click IP Security Policies on Local Computer and select Create IP Security Policy.
When the IP Security Policy wizard appears, click Next.
Give the policy a name (and, optionally, a description) and click Next.
Click Next to keep the default response rule.
In the Default Response Rule Authentication Method dialog box, make sure that Active Directory default (Kerberos V5 protocol) is selected and click Next.
Click Finish; the properties dialog box ...