You can also use IPSec to provide server authentication. This is useful when restricting the range of computers that can connect to middle-tier application servers or database servers. IPSec provides three authentication options:
Kerberos
To use Kerberos, the computers must:
Be part of the same domain and forest
Be within a specific source address range
Be within the same subnet
Use static IP addresses
Pre-shared secret key
To use pre-shared secret-key-based authentication, the two computers must share an encryption key.
Certificate-based authentication
To use certificate authentication, the two computers must trust a common certificate authority (CA), and the server that performs the authentication must request and install a certificate from the CA.
In this section, you set up IPSec authentication between two servers by using a pre-shared secret key.
To perform server-to-server authentication
Start the Local Security Policy MMC snap-in.
Right-click IPSec Security policies on the local machine, and then click Create IP Security Policy.
Type "MyAuthPolicy" for the name, and then click Next.
Clear the Activate the default response rule check box.
Click Next and then Finish.
The MyAuthPolicy Properties dialog box is displayed so that you can edit the policy properties.
Click Add, and then click Next three times.
In the Authentication Method dialog box, select Use this string to protect the key exchange (preshared key).
Enter a long, random set of characters in the text box, and then click Next.
You should copy the key to a floppy disk or CD. You need it to configure the communicating server.
In the IP Filter List dialog box, select All IP Traffic, and then click Next.
In the Filter Action dialog box, select Request Security (Optional), and then click Next.
Click Finish.
Test your application to verify the configured policy.
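The wizard steps above can also be scripted with netsh ipsec static, which makes it easier to apply the same settings on both servers. The following PowerShell is an added example, not part of the original guide: the New-PresharedKey helper, the -KeyFile parameter and the rule name are hypothetical, and it assumes the built-in All IP Traffic filter list and Request Security (Optional) filter action exist in the local policy store.

```powershell
# Added example (not from the original guide). Run from an elevated prompt on each server.
param(
    [string]$PresharedKey,                 # omit on the first server to generate a key
    [string]$KeyFile,                      # hypothetical: where to save a generated key for transfer
    [string]$PolicyName = 'MyAuthPolicy'
)

function New-PresharedKey {
    param([int]$Length = 48)
    # Alphanumerics only, so the key needs no escaping on the netsh command line.
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'
    $limit = 256 - (256 % $alphabet.Length)    # discard bytes >= 248 to avoid modulo bias
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 1
    $sb  = New-Object System.Text.StringBuilder
    while ($sb.Length -lt $Length) {
        $rng.GetBytes($buf)
        if ($buf[0] -lt $limit) { [void]$sb.Append($alphabet[$buf[0] % $alphabet.Length]) }
    }
    $sb.ToString()
}

if (-not $PresharedKey) {
    if (-not $KeyFile) { throw 'Supply -PresharedKey, or -KeyFile to store a newly generated key.' }
    $PresharedKey = New-PresharedKey
    Set-Content -Path $KeyFile -Value $PresharedKey   # carry this file to the second server
}

# Create the policy with the default response rule cleared. It is left unassigned,
# as in the steps above.
netsh ipsec static add policy name="$PolicyName" activatedefaultrule=no assign=no
if ($LASTEXITCODE -ne 0) { throw 'netsh: add policy failed' }

# One rule: preshared-key authentication, All IP Traffic, Request Security (Optional).
netsh ipsec static add rule name="PSK authentication" policy="$PolicyName" `
    filterlist="All IP Traffic" filteraction="Request Security (Optional)" `
    kerberos=no psk="$PresharedKey"
if ($LASTEXITCODE -ne 0) { throw 'netsh: add rule failed' }

# Review the result before testing the application.
netsh ipsec static show policy name="$PolicyName"
```

Run it with -KeyFile on the first server, then on the second server pass the saved key with -PresharedKey so both sides hold the same string. The key appears on the netsh command line while the command runs, so run the script in a session that is not being logged or transcribed.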