Note: To modify filter lists on the local computer, use the IP Security Policy Management MMC snap-in
instead of the Group Policy Editor.
Using a Command-Line Interface
The following command creates an IPSec filter list called Web Server on the local Windows
Server 2003 computer:
> netsh ipsec static add filterlist name="Web Server" description="Protecting local HTTP traffic."
To modify the existing Web Server filter list, use the following command:
> netsh ipsec static set filterlist name="Web Server"
The following command renames the filter list Web Server to Internal Web Server:
> netsh ipsec static set filterlist name="Web Server" newname="Internal Web Server"
The following command deletes the IPSec filter list called Web Server from the local
Windows Server 2003 computer:
> netsh ipsec static delete filterlist name="Web Server"
The following command deletes all IPSec filter lists configured on a local computer:
> netsh ipsec static delete filterlist all
Caution: You will not be permitted to create an IPSec filter list with the name All, since this will interfere
with the netsh ipsec static delete filterlist all command.
How It Works
IPSec rules are at the heart of an IPSec policy. A rule is made up of a combination of an IPSec
filter list, a filter action, and one or more authentication methods. An IPSec filter list, as the
name suggests, includes one or more IP filters that can be grouped together and handled as a
single unit. As an example, if you need an IPSec rule that will block all traffic to two specific
IP addresses, configure a filter list consisting of two single IP filters: one that applies to each IP
address. Once you have an IPSec filter list in place, you can create one or more rules to build a
complete policy.
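The two-address blocking example described above, written out as a batch script. This is an added example, not part of the original text: the filter list, filter action, policy, and rule names are hypothetical, and 192.0.2.10 and 192.0.2.20 are reserved documentation addresses standing in for the two hosts. The policy is created unassigned so it can be reviewed before it takes effect.

```batch
@echo off
rem Added example: one filter list holding two single-address filters,
rem tied to a block action by a rule inside an unassigned policy.
rem All names and both IP addresses below are constructed placeholders.
setlocal
set "FLIST=Blocked Hosts"
set "FACTION=Block Traffic"
set "POLICY=Blocked Hosts Policy"

rem 1. Create the filter list that groups the individual filters.
netsh ipsec static add filterlist name="%FLIST%" description="Two hosts to block"
if errorlevel 1 goto :fail

rem 2. Add one filter per destination address. mirrored=yes also matches
rem    the reverse direction (traffic from that address to this computer).
for %%A in (192.0.2.10 192.0.2.20) do (
    netsh ipsec static add filter filterlist="%FLIST%" srcaddr=Me dstaddr=%%A protocol=ANY mirrored=yes description="Block %%A"
    if errorlevel 1 goto :fail
)

rem 3. Create the filter action that drops matching traffic.
netsh ipsec static add filteraction name="%FACTION%" action=block
if errorlevel 1 goto :fail

rem 4. Create the policy without assigning it.
netsh ipsec static add policy name="%POLICY%" description="Blocks two hosts" assign=no
if errorlevel 1 goto :fail

rem 5. The rule binds the filter list to the filter action within the policy.
netsh ipsec static add rule name="Block Two Hosts" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%"
if errorlevel 1 goto :fail

rem 6. Review the filter list before the policy is ever assigned.
netsh ipsec static show filterlist name="%FLIST%" level=verbose
exit /b 0

:fail
echo A netsh ipsec command failed; check the objects created so far. 1>&2
exit /b 1
```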
In addition to creating filter lists using the graphical user interface instructions in this
recipe, you can also create one on the fly when you create an IPSec rule. Rather than adding an
existing filter list to a new rule that you're creating, you can simply select Add during rule
creation to configure an appropriate filter list.