Hi, I've done a fair bit of reading and CBT videos, and have experimented for quite a bit in test environments, and I haven't come up with a best path for what I want to do. If someone could put me on the path to accomplish my goal, I would appreciate it greatly.
I'm operating in an Active Directory environment at the 2008R2 functional level. I have a member server processing sensitive data which it receives from clients. My goal is to have all traffic between the member server and its clients encrypted with IPSEC, but I can't quite find what I'm looking for after spending a fairly embarrassing bit of time looking. Do I want:
1. IPSEC via group policy, whereby I apply a GPO with the IP Security policy "Server (request security)" to the server and apply a GPO to the clients with "Client (respond only)" set? If so, I haven't gotten this working; is there more configuration needed?
2. Configure IPSEC Advanced firewall connection security rules?
3. Both 1. and 2. above?
4. Server and domain isolation? (This appears to be a lot of reading on whether or not it's a subset of the above methods, or a combination of them, or more).
If someone could point me to some documentation on the simplest way to do this, I would appreciate it greatly!!
Thanks,
Kevin