Since an IPSec policy can consist of more than one rule and each rule can consist of more
than one filter, you may encounter a situation where a particular piece of network traffic fits
the criteria of more than one rule. When this happens, Windows applies the most specific
rule of those configured. For example, if Rule A applies to an entire IP subnet and Rule B
applies to a specific IP address, Rule B is applied because it is the more specific of the two.
When two rules contain the same values for IP addresses, ports, and protocols but have
different filter actions, Windows applies the rule with the more restrictive filter action.
So if Rule A is configured to allow traffic to port 80 on a specific IP address and Rule B is
configured to block traffic to port 80 on the same IP address, IPSec will apply Rule B and
block the traffic.
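The precedence described above, modelled in Python as an added example (not code from the book or from Windows). The `Rule` class, the action names, the specificity ordering (prefix length, then protocol, then port) and the sample addresses are assumptions made for illustration; source addresses are not modelled.

```python
import ipaddress
import itertools
from dataclasses import dataclass
from typing import Optional

ACTION_RANK = {"allow": 0, "block": 1}  # higher = more restrictive

@dataclass(frozen=True)
class Rule:
    name: str
    dest: str                 # destination as CIDR; /32 is one host
    port: Optional[int]       # None = any port
    protocol: Optional[str]   # None = any protocol
    action: str               # "allow" or "block"
    @property
    def net(self):
        return ipaddress.ip_network(self.dest)

    def matches(self, ip, port, protocol):
        return (ipaddress.ip_address(ip) in self.net
                and self.port in (None, port)
                and self.protocol in (None, protocol))

    def overlaps(self, other):
        return (self.net.overlaps(other.net)
                and (None in (self.port, other.port) or self.port == other.port)
                and (None in (self.protocol, other.protocol) or self.protocol == other.protocol))

def precedence(rule):
    # Assumed specificity order: prefix length, named protocol, named port; action breaks ties.
    specificity = (rule.net.prefixlen, rule.protocol is not None, rule.port is not None)
    return (specificity, ACTION_RANK[rule.action])

def select_rule(rules, ip, port, protocol):
    """Return the rule applied to one packet, or None when nothing matches."""
    hits = [r for r in rules if r.matches(ip, port, protocol)]
    return max(hits, key=precedence) if hits else None

def overrides(rules):
    """(winner, loser) name pairs for overlapping rules whose actions differ."""
    return [tuple(r.name for r in sorted(pair, key=precedence, reverse=True))
            for pair in itertools.combinations(rules, 2)
            if pair[0].action != pair[1].action and pair[0].overlaps(pair[1])]

RULES = [  # constructed sample policy (documentation address range)
    Rule("SubnetBlock", "192.0.2.0/24", None, None, "block"),
    Rule("HostAllow", "192.0.2.10/32", None, None, "allow"),
    Rule("WebAllow", "192.0.2.20/32", 80, "tcp", "allow"),
    Rule("WebBlock", "192.0.2.20/32", 80, "tcp", "block"),
]
```

Running `overrides(RULES)` before deploying a policy shows where a host-specific allow overrides a subnet-wide block, and where an allow rule is dead because an identical block rule wins.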
See Also
• Recipe 11-8 for configuring authentication methods
• Microsoft TechNet: “IPSec Policy Rules” (http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/3b25ba1b-5adb-49a6-96f1-6409c84ce82b.mspx)
• The Cable Guy - February 2005, “IPSec Filtering Ordering” (http://www.microsoft.com/technet/community/columns/cableguy/cg0205.mspx)
7-3. Managing IPSec Filter Lists
Problem
You want to create, edit, or delete an IPSec filter list.
Solution
Using a Graphical User Interface
1. Open the Group Policy Management Console or the IP Security Policy Management
   MMC snap-in.
2. Navigate to Computer Configuration\Windows Settings\Security Settings.
3. Right-click the IP Security Policies node and select Manage IP Filter Lists and Filter Actions.
4. On the Manage IP Filter Lists tab, do one of the following:
   • To create a new filter list, click Add. Enter the name of the list in the Name text box,
     and enter a longer description in the Description text box. Then click OK.
   • To delete an existing IP filter list, select the name of the filter list and click Remove.
   • To modify an existing filter list, select the name of the filter list and click Edit.