Is it possible to use Microsoft's "Secure Connection Rules" (IPSec) with VPN?

Is it possible to use Microsoft's "Secure Connection Rules" to authenticate/encrypt connections while using VPN at the same time?
What are the configurations necessary?

It should look like this:

Client A <-- VPN --> VPN Gateway <-- LAN --> Client B
  FTPd   <------------- IPSec ------------->   FTP

(I know there are other ways to secure FTP; I just use it for testing.)

Thanks


Update 1:

To clarify the objectives:

  1. Traffic in the LAN should be authenticated and have integrity, but should not be encrypted (because of the IDS)
  2. Traffic passing the internet or other strange networks should have confidentiality

Solution 1:

IPSec policies are applied based on source/destination addresses, so they should just not care about where the traffic is actually flowing; so, yes, applying them to computers whose communication happens via a VPN should work.

But why would you need such a thing, when you can encrypt the VPN itself?


Edit:

In order for IPSec to work, some traffic needs to flow between the involved machines:

  • UDP port 500
  • UDP port 88 (if you're using Kerberos authentication)
  • IP protocols 50 and 51

More info here.

I don't know if this can be achieved through a VPN... the low-level IP protocols look very much like a possible problem here.
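
As an added example (not part of the original question or answer): one way to express objective 1 from the question as a connection security rule in PowerShell on Client B, keyed on the two endpoint addresses as the answer describes. The addresses and display names are assumptions made up for illustration, and a mirrored rule (addresses swapped) is needed on Client A.

```powershell
# Constructed sample addresses; replace with the real endpoints.
$clientA = '10.8.0.10'      # FTP server, reached through the VPN gateway
$clientB = '192.168.1.20'   # FTP client on the LAN (this machine)

# Quick mode (data protection): ESP with an integrity hash but no encryption,
# so packets are authenticated and tamper-evident while an IDS on the LAN
# can still inspect the payload (objective 1).
$qmProposal = New-NetIPsecQuickModeCryptoProposal `
    -Encapsulation ESP -ESPHash SHA256 -Encryption None
$qmSet = New-NetIPsecQuickModeCryptoSet `
    -DisplayName 'Example - ESP integrity only' -Proposal $qmProposal

# First authentication: computer Kerberos. This is why the endpoints need
# to reach a domain controller on UDP port 88 in addition to IKE on UDP 500.
$kerberos = New-NetIPsecAuthProposal -Machine -Kerberos
$authSet  = New-NetIPsecPhase1AuthSet `
    -DisplayName 'Example - computer Kerberos' -Proposal $kerberos

# The rule matches on the address pair only; it does not depend on whether
# the packets cross the VPN tunnel on the way.
New-NetIPsecRule -DisplayName 'Example - Client B to Client A, integrity only' `
    -LocalAddress $clientB -RemoteAddress $clientA `
    -InboundSecurity Require -OutboundSecurity Require `
    -Phase1AuthSet $authSet.Name -QuickModeCryptoSet $qmSet.Name

# After generating some traffic between the two hosts, list the negotiated
# security associations. No entries here means IKE (UDP 500) or ESP
# (IP protocol 50) is not getting through the path between the endpoints.
Get-NetIPsecMainModeSA
Get-NetIPsecQuickModeSA
```

Confidentiality across the internet (objective 2) is left to the VPN's own encryption in this setup; the rule above only adds end-to-end authentication and integrity between the two hosts.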