5. On the IP Filter List tab, select the filter list that this rule should use. Each rule can apply
to only a single IPSec filter. If the filter list that you require isn't listed, you can click Add
to create it here.
6. On the Filter Action tab, choose the action that this rule should apply to any traffic that
meets the criteria of the filter you selected.
7. On the Authentication Methods tab, select the authentication method that this rule
should use. You can select Add, Edit, or Remove to modify the defined methods, or click
Move Up or Move Down to change the order in which the methods will be attempted.
8. On the Tunnel Setting tab, select the This Rule Does Not Specify an IP Tunnel option if
this IPSec rule uses the local computer as its endpoint. If the rule is being tunneled
through another host, select the The Tunnel Endpoint Is Specified by This IP Address
option and enter the endpoint IP address.
9. On the Connection Type tab, select the type of connection to which this rule should
apply. You can select any one of the following:
• All network connections
• Local area connection (LAN)
• Remote access
10. Click OK to save the rule.
Using a Command-Line Interface
The following command creates an IPSec rule for the Web Server policy, which blocks all traffic
defined by the Port 1433 filter list:
> netsh ipsec static add rule name="Block Port 1433" policy="Web Server" filterlist="Port 1433" filteraction="Blocker"
The following command deletes the Block Port 1433 rule from the Web Server policy:
> netsh ipsec static delete rule name="Block Port 1433" policy="Web Server"
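The add rule command refers to the policy, the filter list, and the filter action by name, so all three must already exist. The batch file below is an added example, not part of the original text, that creates them in dependency order, assigns the policy, and lists the result. The object names are the ones used above; the contents of the Port 1433 filter (TCP from any address to this computer's port 1433) are an assumption, as is netsh returning a non-zero exit code on failure.

```batch
@echo off
rem Added example: builds every object the "Block Port 1433" rule refers to.
rem Object names come from the text; the filter definition is an assumption.
rem Error handling assumes netsh returns a non-zero exit code on failure.
setlocal

rem 1. The policy that will hold the rule (created unassigned).
netsh ipsec static add policy name="Web Server" assign=no || goto :fail

rem 2. The filter list, then one filter inside it.
rem    Assumed match: TCP from any address to this computer's port 1433.
rem    srcport=0 means any source port; mirrored=yes also matches replies.
netsh ipsec static add filterlist name="Port 1433" || goto :fail
netsh ipsec static add filter filterlist="Port 1433" srcaddr=any dstaddr=me ^
    protocol=tcp srcport=0 dstport=1433 mirrored=yes || goto :fail

rem 3. The filter action: drop matching traffic without negotiating.
netsh ipsec static add filteraction name="Blocker" action=block || goto :fail

rem 4. The rule ties the filter list and the action to the policy.
netsh ipsec static add rule name="Block Port 1433" policy="Web Server" ^
    filterlist="Port 1433" filteraction="Blocker" || goto :fail

rem 5. Nothing is enforced until the policy is assigned. Only one local
rem    policy can be assigned at a time, so this replaces the current one.
netsh ipsec static set policy name="Web Server" assign=yes || goto :fail

rem 6. Confirm what was stored.
netsh ipsec static show rule all policy="Web Server" level=verbose
endlocal
exit /b 0

:fail
echo netsh reported an error; review the objects created so far. 1>&2
endlocal
exit /b 1
```

Run it from an elevated command prompt on a test system first, because assigning the policy immediately changes which traffic the computer accepts.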
How It Works
Each IPSec policy consists of one or more IPSec rules. As the name implies, an IPSec rule will
determine the behavior of a Windows Server 2003 computer configured for IPSec. Each rule
consists of the following configuration items:
IPSec filter list: This is composed of one or more IPSec filters and determines which traffic
will be affected by the rule.
IPSec filter action: This determines the action that the local computer will take when it
encounters traffic that meets the criteria of the filter list.
Authentication method: This determines how IPSec peer computers will negotiate
authentication with one another.