10.3. Enabling IPsec Between Front- and Back-End Servers

Problem

You want to protect traffic between your front- and back-end servers by using IPsec.

Solution

Using a graphical user interface

To create a new IPsec policy for HTTP, POP, and IMAP on the front-end server, do the following:

  1. Log on to the front-end server with an account that has administrative privileges.

  2. Open the Microsoft Management Console (mmc.exe).

  3. From the menu select File Add/Remove Snap-In. When the Add Standalone Snap-in dialog box appears, click the Add button.

  4. Select the group policy snap-in from the list (Group Policy Object Editor on Windows 2000, Group Policy on Windows 2003) and click the Add button.

  5. The Select Group Policy Object dialog box appears. Make sure the Group Policy Object field says Local Computer, and click Finish.

  6. Click Close and click OK to return to the management console.

  7. Expand the IPsec policy object, which is located under Local Computer Policy Computer Configuration Windows Settings Security Settings IP Security Policies on Local Computer.

  8. Right-click IP Security Policies on Local Computer and select Create IP Security Policy.

  9. When the IP Security Policy wizard appears, click Next.

  10. Give the policy a name (and, optionally, a description) and click Next.

  11. Click Next to keep the default response rule.

  12. In the Default Response Rule Authentication Method dialog box, make sure that Active Directory default (Kerberos V5 protocol) is selected and click Next.

  13. Click Finish; the properties dialog box ...

Get Exchange Server Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial