Configuring IPSec on individual computers is straightforward. However, for an IPSec implementation to be successful in a large organization, IPSec policies must be deployed to all computers in the organization. The Active Directory directory service makes deploying IPSec much easier than it would be otherwise, but not all client computers will participate in a trusted domain. To successfully deploy IPSec in the real world, you must understand the various methods used for deploying IPSec and the circumstances in which to use each method.
After IPSec is deployed, you must be able to monitor and troubleshoot IPSec. IPSec requires specialized tools and skills for monitoring and troubleshooting because, by its very nature, it makes network communications next-to-impossible to interpret. Monitoring IPSec is necessary to confirm that IPSec has been successfully deployed and is actively protecting communications. Monitoring is also an important technique for isolating problems that occur during IPSec negotiations.
This chapter describes the various ways to deploy, monitor, and troubleshoot IPSec. The exercises and troubleshooting lab in this chapter will give you the hands-on experience you need to understand IPSec both for the exam and in production environments.
If you fulfilled the requirements for the previous chapters, you already have the necessary hardware and software configured. You can use the computers in the state they were in after completing the previous chapters, or you can install the software from scratch. To do the practices, examples, and lab exercises in this chapter, you must have:
A private network that is connected to the Internet and protected by a firewall. This network should not have any production computers connected to it.
Two computers. Perform a Microsoft Windows Server 2003 installation with default settings, and assign the computer name Computer1. Add the Domain Controller role to the computer, using the default settings, and specify the domain name cohowinery.com. Configure the computer to use itself as its own primary Domain Name System (DNS) server. Then add the Application Server role with the default settings. On the second computer, perform a Windows Server 2003 installation with default settings, and assign the computer name Computer2. Configure the computer to use Computer1 as its primary DNS server. Then join Computer2 to the cohowinery.com domain as a member server.