Intel® Packet Protect User’s Guide
Interoperability with Windows* 2000
By default, IPSec is not enabled in Windows 2000. Windows 2000 is installed
with “No Security” as the IPSec default action. You can use the IP Security
Policy Management tool to activate IPSec in Windows 2000.
Windows 2000 has three IPSec default behaviors—Server, Secure Server, and
Client—that you can choose from when you configure the computer.
Currently, Packet Protect interoperates with Windows 2000 using a pre-shared
key. However, because the Windows 2000 default authentication mechanism is
Kerberos, which is not supported by Packet Protect, the authentication must be
changed to use pre-shared keys. Be sure to use the same pre-shared keys on
Windows 2000 computers as on Packet Protect-enabled computers for proper
interoperability.
Tips: If you have Windows 2000 computers and want them to communicate
securely with Packet Protect-enabled computers, you must use the
Default Rule that is set up with the Packet Protect System Policy. For
best results, do not erase or modify the Default Rule.
For maximum interoperability, be sure to place each Windows 2000
computer in its own Destination Workgroup.
Creating Policies
To create custom IPSec policies in Windows 2000
1. On the taskbar, click Start and select Settings > Control Panel.
2. Double-click Network and Dial-up Connections.
3. Right-click Local Area Connection and select Properties.
4. Click Advanced and select the Options tab.
5. Under Optional settings, click IP security.
6. Click Properties.
7. Click Use this IP security policy, and then select the IPSec policy you want to
use.
You can also use the IP Security Policies snap-in in the Microsoft Management
Console (MMC). Set it to use the local computer, right-click the policy you want
to use, and then click Assign.
You must be a member of the Administrators group to set IPSec policies. If a
computer participates in a Windows 2000 domain, the computer may receive the
IPSec policy from Active Directory, overriding the local IPSec policy. In this
case, the options are disabled and you cannot change them from the local
computer.