Here’s an interesting network isolation via IPsec case study

Ian has posted about a University in Brazil that has successfully deployed IPsec based network isolation to a thousand desktops in only two days! Ian links directly to a case study article that explains how they went about the task of segmenting their network.

IPsec is an oft misunderstood technology due to it's complexity - there's a great deal of guidance available on the subject as I've blogged about many times - type in "ipsec" in the search field to the left hand side of my blog to find out more - click here to see for yourself. Of course you can browse to the main IPsec area of the Microsoft website too.

As mentioned in earlier posts you can take advantage of Security Configuration Wizard's ability to implement IPsec based signing and encryption - there's blogcast showing you how to do so - click here to view it.

Comments (3)

  1. Nick Burch says:

    The IPSec area looks good, but there doesn’t seem to be much on interoperability. It’s probably ok for those just having windows machines, but what about those of us with windows, mac and linux clients?

    I’d love to know how to get windows clients to play nicely with my existing linux+mac ipsec solution, or even how to set up a windows based ipsec system, and connect mac + linux to it. As it is, my windows machines lack a VPN, which isn’t ideal….

  2. Steve Lamb says:

    Hi Nick,

    I understand that not everyone enjoys the benefits of homogenous environments and have put feelers out to find someone who has recent experience of IPsec interoperability. I’ve implemented IPsec solutions in the past and found problems due to the differing degrees of compliance to RFCs by software authors. It’s some time since I’ve tried IPsec between different platforms hence asking the community.

  3. Steve Lamb says:

    Nick> Good news – moments after sending an email to the Microsoft Security community (on a Saturday) I received a message from someone who’s testing mixed platform IPsec – I’ll share the details via my blog.

Skip to main content