IPSec provides technological support to implement a number of scenarios that improve enterprise network security:
■ Secure Server to Server: IPSec can be used to encrypt traffic between two servers. An example of this is Outlook Web Access and Exchange. All communications between the OWA server and the Exchange server could be authenticated and encrypted.
■ Server Isolation: IPSec can be used to isolate a server from unauthenticated (and possibly rogue) clients. A good example of this is a line of business application server. The application server would only grant access to machines that belong to the domain. All other clients would not be able to even establish a TCP connection; guaranteeing the application server is isolated from the unknown clients.
■ Domain isolation: IPSec can be used to isolate domain members from non-domain members. All domain members would be able to connect to each other securely. Non-domain members would not be able to connect to any domain machine, as they are not successfully authenticated. However, domain members may be able to connect to non-domain servers.