Article ID: 253169 - View products that this article applies to.
This article was previously published under Q253169
IP Security Protocol (IPSec) in Windows 2000 is designed to secure IP traffic between two computers that communicate by using their IP addresses. It uses filters defined in an IPSec policy to classify IP packets. After a packet is classified (matched to a filter), the configured filter action takes place.
IPSec is applied to IP packets as they are sent and received. Packets are matched against filters when they are being sent (outbound) to see if they should be secured, blocked, or passed in clear text. Packets are also matched when they are received (inbound) to see if they should have been secured, should be blocked, or should be passed (permitted) into the system in clear text.
By design, the following types of IP traffic are exempted and cannot be secured by IPSec in Windows 2000:
For more information about the IKE protocol see RFC 2409:
http://www.ietf.org/rfc/rfc2409.txtMicrosoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
For additional information about RSVP, click the article number below to view the article in the Microsoft Knowledge Base:
227261For more information about Kerberos, see the "Kerberos V5 Authentication" topic in Windows 2000 Help, and also the technical documents about Kerberos located at the following Microsoft Web site:
(http://support.microsoft.com/kb/227261/EN-US/ )Description of the Resource Reservation Protocol (RSVP)
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/security/kerberos/default.mspxFor additional information about the IPSec feature in Microsoft Windows Server 2003, click the following article number to view the article in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/810207/EN-US/ )IPSec Default Exemptions Are Removed in Windows Server 2003