Interoperability with Microsoft Windows* 2000

Microsoft Windows* 2000 contains built-in Internet Protocol Security. If your LAN contains Windows 2000-based systems, they will be able to communicate securely with Intel® Packet Protect-enabled systems.

By default, IPSec is not enabled in Windows 2000. Windows 2000 is installed with "No Security" as the IPSec default action. You can use the IP Security Policy Management tool to activate IPSec in Windows 2000.

Windows 2000 has three IPSec default behaviors—Server, Secure Server, and Client—that you can choose from when you configure the system. 

Although Intel Packet Protect does not allow you to specify a size limit in the security actions, it will honor a rule from other IPSec implementations that do specify a size limit.

Limitations

There are two restrictions when configuring Windows 2000-based systems to interoperate with Intel Packet Protect.

Use the "All IP Traffic" Protocol Filter

On Windows 2000, the rule used to communicate with Intel Packet Protect clients must be set to the "All IP Traffic" protocol filter, even if you are only interested in specific protocols (e.g., TCP or UDP) on top of IP.

For example, if you are only interested in TCP communications between Windows 2000 and Intel Packet Protect, you must create a new rule in Windows 2000 that can communicate with the active rule or default behavior on Intel Packet Protect. If you select TCP as the protocol filter in the Windows 2000 rule, the communication will FAIL. You MUST select the "All IP Traffic" filter instead.

Use a Matching Pre-Shared Key

Currently, Intel Packet Protect interoperates with Windows 2000 using a pre-shared key. However, because the Windows 2000 default authentication mechanism is Kerberos, which Intel Packet Protect does not support, you must change the authentication method to pre-shared keys. Be sure to use the same pre-shared keys on Windows 2000-based systems as on Intel Packet Protect-enabled systems for proper interoperability.

Creating Policies

To Create Custom IPSec Policies in Windows 2000

  1. On the taskbar, click Start and select Settings > Control Panel.

  2. Double-click Network and Dial-up Connections.

  3. Right-click Local Area Connection and select Properties.

  4. Click Advanced and select the Options tab.

  5. Under Optional settings, click IP security.

  6. Click Properties.

  7. Click Use this IP security policy, and then select the IPSec policy you want to use.

  8. You can also use the IP Security Policies snap-in in the Microsoft Management Console* (MMC). Set it to use the local system, right-click the policy you want to use, and then click Assign.

  9. You must be a member of the Administrators group to set IPSec policies. If a system participates in a Windows 2000 domain, the system may receive the IPSec policy from Active Directory, overriding the local IPSec policy. In this case, the options are disabled and you cannot change them from the local system.


Copyright © 2000, Intel Corporation. All rights reserved.

Intel Corporation assumes no responsibility for errors or omissions in this document. Nor does Intel make any commitment to update the information contained herein.

* Other product and corporate names may be trademarks of other companies and are used only for explanation and to the owners' benefit, without intent to infringe.