Hello:

Situation:
-----------
--All standalone servers and no Active Directory.
--Win2k3 server. Has a test web page.
--Applied IPSec policy on the local Win2k server first by creating an ip
filter limiting access to "Require Security" for all the XP workstations
coming from a certain network.
--There is a seperate standalone sub-CA server which issues certificates.
--The Win2k3 Server which has a test web page and which has a "Require
Security" policy implemented has a Certificate (IPSec) installed on the
Computer Account.
--XP client workstation which has NO Certificate installed tries to access
the test page from the subnet mentioned in the IP filter and which has
Require Security option and it can access that page successfully without any
problem.

My questions are as follows:
--------------------------------

1. Do we really need to implement IPSec policy at the client level as well
which means that we need to distribute or issue Certificates (IPSec) with
"Require Security" option at the client side as well?

2. Is there any way without having to implement IPSec policy at the client
workstation to completely block access to the above mentioned Win2k3 server
where IPSec policy is implemented (web page or accessing file share etc)?

I will certainly appreciate your input on this. Thanks.

Victor