Information Technology Reference
In-Depth Information
See Also
Recipe 7-2 for configuring IPSec rules
Recipe 7-4 for configuring individual IPSec filters
7-4. Managing IPSec Filters
Problem
You want to create, edit, or delete an IPSec filter within an existing IPSec filter list.
Solution
Using a Graphical User Interface
To create an IPSec filter, follow these steps:
1.
Open the Group Policy Management Console or the IP Security Policy Management
MMC snap-in.
2.
Navigate to Computer Configuration\Windows Settings\Security Settings.
3.
Right-click the IP Security Policies node and select Manage IP Filter Lists and Filter Actions.
4.
On the Manage IP Filter Lists tab, select the filter list for which you want to create a new
filter and click Edit.
5.
On the IP Filter List screen, remove the check mark next to Use Add Wizard, and then
click Add.
6.
On the Addresses tab, choose one of the following options from the Source Address
drop-down box:
My IP Address:
This policy will apply to any traffic originating from the local computer.
This option is particularly useful when applying IPSec policies through Group Policy,
so that you don't need to configure a rule for each source IP address on your network.
Any IP Address:
This policy will apply to traffic originating from any computer or
other device.
A Specific DNS Name:
This policy will apply to any traffic originating from the fully
qualified domain name (FQDN) that you specify in the Host Name text box.
A Specific IP Address:
This policy will apply to any traffic originating from the numeric IP
address that you specify in the IP Address text box. (You'll notice that the Subnet Mask
text box is configured as 255.255.255.255 and is grayed out. A 32-bit subnet mask
signifies the IP address of a single device.)
