Information Technology Reference
In-Depth Information
Note: If you do not specify a value for activatedefaultrule when creating a new IPSec policy, the
default value is yes.
How It Works
When configuring an IPSec policy, you use the default response rule to ensure that a Windows
Server 2003 computer will respond to all requests for secure communication, even if the request
does not match any other configured IPSec rules. If the active IPSec policy does not have a rule
defined for a particular computer that is requesting secure communication, the default response
rule will be applied to negotiate security. So if Computer A makes a request to communicate
securely with Computer B, and Computer B does not have any IPSec rules defined that match
the IP address of Computer A, then Computer B will invoke the default response rule when
responding to Computer A.
When configuring an IPSec policy, you cannot delete the default response rule; however,
you can disable it if you do not want it to take effect. Additionally, you cannot modify the filter
action defined for the default response rule; it will always use the Negotiate Security action.
You can modify only two configuration items for the default response rule:
• Security method: You can configure the same security methods here that you would for a
custom filter action, including SHA1 or MD5 for data integrity and DES or 3DES for data
encryption.
• Authentication methods: You can configure the default response rule to use Kerberos v5,
public key certificates, or a preshared key.
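The two configurable items above, set with netsh ipsec static, as an added example that is not from the original text. The policy name "Example-Policy" and the lifetime values are constructed placeholders, and the commands assume an elevated command prompt on Windows Server 2003.

```bat
rem Added example: managing the default response rule of one policy.
rem "Example-Policy" is a placeholder name, not taken from the text.

rem 1. Create the policy. activatedefaultrule defaults to yes when omitted,
rem    so state the choice explicitly to make the intent auditable.
netsh ipsec static add policy name="Example-Policy" activatedefaultrule=yes assign=no

rem 2. Security method: offer only 3DES encryption with SHA1 integrity.
rem    DES and MD5 are the weaker choices among those the rule accepts.
rem    The 100000k/3600s lifetime is a constructed sample value.
rem    Authentication method: Kerberos v5 rather than a preshared key.
netsh ipsec static set defaultrule policy="Example-Policy" qmsecmethods="ESP[3DES,SHA1]:100000k/3600s" kerberos=yes

rem 3. Alternative: the rule cannot be deleted, but it can be disabled
rem    if unmatched peers should not get a negotiated response.
netsh ipsec static set defaultrule policy="Example-Policy" activate=no

rem 4. Review the resulting rule settings before assigning the policy.
netsh ipsec static show policy name="Example-Policy" level=verbose
```

Steps 2 and 3 are alternatives; run the one that matches the intended behavior, then check the verbose output before assigning the policy.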
See Also
• Recipe 7-6 for configuring security methods
• Recipe 7-8 for managing authentication methods
• Microsoft TechNet: “IPSec Policy Rules” (http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/3b25ba1b-5adb-49a6-96f1-6409c84ce82b.mspx)
7-14. Configuring IPSec Exemptions
Problem
You want to configure the types of traffic that are exempt from processing by IPSec.