Information Technology Reference
In-Depth Information
7-5. Managing Filter Actions
Problem
You want to configure a filter action to control what the IPSec policy should do when it encounters
traffic that meets the criteria of a configured IP filter.
Solution
Using a Graphical User Interface
1.
Open the Group Policy Management Console or the IP Security Policy Management
MMC snap-in.
2.
Navigate to Computer Configuration\Windows Settings\Security Settings.
3.
Right-click the IP Security Policies node and select Manage IP Filter Lists and Filter
Actions.
4.
On the Manage Filter Actions tab, remove the check mark next to Use Add Wizard, and
then click Add.
5.
On the General tab, enter a name for the action in the Name text box, and enter a
description in the Description box.
6.
On the Security Methods tab, select one of the following actions:
Permit
: Traffic will be allowed.
Block
: Traffic will be blocked.
Negotiate Security
: Traffic will be secured using the methods you configure.
7.
To accept unsecured incoming traffic while ensuring that all outgoing communications
are secured, place a check mark next to Accept Unsecured Communication, But Always
Respond Using IPSec.
8.
To enable communication with other computers that do not support IPSec by allowing
communications to continue if there is no response to a request for IPSec negotiation,
place a check mark next to Allow Unsecured Communication with Non-IPSec-Aware
Computers. Click Yes once you've read the warning message concerning the security
risks inherent in allowing unsecured communications.
■
Note
If the local computer is unable to negotiate IPSec traffic, it will attempt to renegotiate at five-minute
intervals.
