5. Enter a name for the policy in the Name text box, and enter a description in the
Description field. Click Next to continue.
6. By default, you will see a check mark next to Activate the Default Response Rule. If you
want to disable the default response rule, remove the check mark. Click Next.
7. If you chose to enable the default response rule, choose the authentication method to
be used by the default response rule. Select from the following, and then click Next to
continue.
• Active Directory default (Kerberos v5)
• Use a certificate from this Certification Authority (CA); then click Browse to select the
certificate
• Use this string to protect the key exchange (pre-shared key); then enter the string in
the text box below
8. To create rules and filter lists to associate with this policy now, leave the check mark
next to Edit Properties and click Finish. You'll be taken to the Properties page of the
IPSec policy, where you'll be able to create new IPSec rules (see Recipe 7-2). To populate
the policy later, remove the check mark and select Finish.
Using a Command-Line Interface
The following command creates an IPSec policy called Default IPSec Policy with the default
response rule activated:
> netsh ipsec static add policy name="Default IPSec Policy" activatedefaultrule=yes
The following commands rename the Default IPSec Policy to Domain IPSec Policy and
add it to the Corporate Domain Policy GPO:
> netsh ipsec static set store location=domain
> netsh ipsec static set policy name="Default IPSec Policy" newname="Domain IPSec Policy" gponame="Corporate Domain Policy"
The following command will delete the Domain IPSec Policy that you just created:
> netsh ipsec static delete policy name="Domain IPSec Policy"
The following command will delete all configured IPSec policies:
> netsh ipsec static delete all
Caution: If your IPSec policies are assigned using Active Directory, you should unassign an IPSec policy
24 hours before deleting it. This will allow the change in assigned policies to propagate throughout Active
Directory before deleting the policy. If you delete a policy that is stored in Active Directory without following
this procedure, computers on your network may continue to use a cached copy of the deleted policy.
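The caution above can be enforced with a two-phase script. The following is an added example, not code from the original text: it unassigns the policy, records the time, and refuses to delete until the waiting period has passed. The marker file path and the parameter names are hypothetical, and it assumes the policy was assigned through the GPO named in the recipe. Each phase runs its netsh lines in a single netsh session (netsh -f) so the domain store selection applies to the command that follows it.

```powershell
param(
    [Parameter(Mandatory = $true)][ValidateSet('Unassign', 'Delete')][string]$Phase,
    [string]$PolicyName = 'Domain IPSec Policy',        # policy name used in the recipe
    [string]$GpoName    = 'Corporate Domain Policy',    # GPO name used in the recipe
    [string]$Marker     = 'C:\IPSecChange\unassigned-at.txt',  # hypothetical state file
    [int]$WaitHours     = 24                            # waiting period from the caution
)
$ErrorActionPreference = 'Stop'

function Invoke-NetshSession {
    # Run several netsh lines in ONE netsh session by feeding a script file to netsh -f.
    param([string[]]$Lines)
    $script = [IO.Path]::GetTempFileName()
    try {
        Set-Content -Path $script -Value $Lines -Encoding ASCII
        & netsh.exe -f $script
    } finally {
        Remove-Item -Path $script -Force -ErrorAction SilentlyContinue
    }
}
$useDomainStore = 'ipsec static set store location=domain'

if ($Phase -eq 'Unassign') {
    # Phase 1: unassign the policy from the GPO and record when that happened (UTC).
    Invoke-NetshSession @(
        $useDomainStore,
        "ipsec static set policy name=`"$PolicyName`" assign=no gponame=`"$GpoName`""
    )
    New-Item -ItemType Directory -Path (Split-Path $Marker) -Force | Out-Null
    (Get-Date).ToUniversalTime().ToString('o') | Set-Content -Path $Marker
    Write-Output "Unassigned '$PolicyName'. Delete is allowed after $WaitHours hours."
    return
}

# Phase 2: delete only if an unassign was recorded and the waiting period has elapsed.
if (-not (Test-Path $Marker)) {
    throw "No unassign record at $Marker. Run with -Phase Unassign first."
}
$stamp = Get-Content -Path $Marker -TotalCount 1
$unassignedAt = [datetime]::Parse($stamp, [cultureinfo]::InvariantCulture,
    [Globalization.DateTimeStyles]::RoundtripKind)
$elapsed = (Get-Date).ToUniversalTime() - $unassignedAt
if ($elapsed.TotalHours -lt $WaitHours) {
    throw ("Unassigned {0:N1} h ago; wait {1:N1} more hours before deleting." -f
        $elapsed.TotalHours, ($WaitHours - $elapsed.TotalHours))
}
Invoke-NetshSession @($useDomainStore, "ipsec static delete policy name=`"$PolicyName`"")
Remove-Item -Path $Marker -Force
```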