locked
IPSec to secure SQL Server Connection RRS feed

  • Question

  • Hi,
    I'm trying to secure my SQL Server connection using IPSec. For this I made the necessary IPSec policy on the server which hosts the SQL Server. I have a very basic doubt in this scenario. Do I need to import this policy into every client machine which needs to access the SQL server ? or is there  any way that the client can automatically install this policy when tries to connect to the server ?

    Thanks,

    RK

    Monday, November 29, 2010 3:53 PM

Answers

  • Hi svramakris,

     

    Do we need to import this policy onto the clients to secure the connection ?

    If we have enable ForceEncryption option, all the connection to this instance will be encrypted automatically. For more information about this option, please refer to this link: http://msdn.microsoft.com/en-us/library/ms189067.aspx

     

    If you want to get more information about IPSEC, please ask it in Windows Server forum and you will get specific support.

     

    If anything is unclear, please let me know.


    Regards,
    Tom Li
    • Marked as answer by Tom Li - MSFT Wednesday, December 8, 2010 10:26 AM
    Wednesday, December 1, 2010 6:21 AM

All replies

  • I'm not sure I understand your situation, but using SQL Server Configuration Manager, you can configure the server to require the connections to negotiate a secure connection.

    1. Open SQL Server Configuration Manager on the computer hosting SQL Server.

    2. Expand SQL Server Network Configuration.

    3. Right-click the instance of SQL Server that you want, and then click Properties.

    4. On the Flags tab, set Force Encryption to Yes.

    No all incoming clients will be required to use SSL.

    A separate, but related issue, is what certificate you are using. If that is relevant to your question, start by using the F1 help topic for that Configuration Manager page.


    Rick Byham, Microsoft, SQL Server Books Online, Implies no warranty
    Monday, November 29, 2010 5:57 PM
  • Thank you for the reply. We have implemented SSL to secure SQL Server connection. Now we are implementing IPSec to achieve the same. Using IPSec to the secure SQL Server connection, I have created a IPSec policy on the windows server (which hosts the SQL Server) to accept connections from clients through port 1433. Now the question is - Do we need to import this policy onto the clients to secure the connection ?   I tried to connect to the SQL Server from a client machine with out the policy and the connection could not be established. With policy on the client machine, the client could connect to the server.

     

    --------------

    RK

    Tuesday, November 30, 2010 8:48 AM
  • Hi svramakris,

     

    Do we need to import this policy onto the clients to secure the connection ?

    If we have enable ForceEncryption option, all the connection to this instance will be encrypted automatically. For more information about this option, please refer to this link: http://msdn.microsoft.com/en-us/library/ms189067.aspx

     

    If you want to get more information about IPSEC, please ask it in Windows Server forum and you will get specific support.

     

    If anything is unclear, please let me know.


    Regards,
    Tom Li
    • Marked as answer by Tom Li - MSFT Wednesday, December 8, 2010 10:26 AM
    Wednesday, December 1, 2010 6:21 AM
  • Pretty old thread.. but for the benefit of others.. it looks like you need to set the configuration at each client. Please refer the below thread

    https://sqlstarters.com/2014/01/18/introduction-to-using-ipsec-with-sql-server/


    Suresh
    My Scribbling

    Tuesday, November 7, 2017 1:40 PM