How to create IPSec filter list in Windows 2003

In this lesson you will learn how to create an Internet Protocol Security (IPSec) filter list.

An IP filter list specifies which traffic the system should secure using IPSec. IP filter lists can be defined based on IP addresses, protocols, and port numbers. An IP filter list is configured on the IP Filter List tab in the Properties dialog box of an IPSec rule of an IPSec policy.

New IPSec Rule properties

Click the "Add" button on the IP Filter List tab of the "New Rule Properties" dialog box.

New IPSec IP filter list dialog box

The "IP Filter List" dialog box will open. Enter a meaningful name and description. Remember to uncheck the "Use Add Wizard" check box. Click the "Add" button to create a new filter that matches all Telnet traffic to the domain controller.

Source and Destination IP Address for Block all Telnet IPSec IP Filter list

In the Source address combo box, select "Any IP Address", and in the Destination address combo box, select "My IP Address". To automatically create two filters based on the configured filter settings, one for traffic going to and one for traffic coming from the specified Destination address, select the Mirrored check box. Now click the "Protocol" tab.

Protocol and port number for IPSec IP filter list

Select TCP as the protocol, select "To this port", and enter 23. Remember, Telnet listens on TCP port 23. Click "OK" to create the new IP filter.

New IP filter list to block all telnet traffic listed

Click "OK" to finish. The new filter list "Block All Telnet" will be listed in the IP filter lists tab.

Block All Telnet IPSec IP filter list created

You have created a new IPSec IP filter list (Block All Telnet) to filter Telnet traffic from all computers to the domain controller. Now you have to specify a filter action for this filter list. Click the Filter Action tab of the "New Rule Properties" dialog box. To learn how to create a filter action, click "Next".
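
The same filter list can also be created from a Command Prompt with `netsh ipsec static`, which makes the setting scriptable and easy to audit. This is an added example, not part of the original tutorial; the description strings are assumed values.

```bat
@echo off
rem Added example: command-line equivalent of the GUI steps above.
rem Run in a Command Prompt on the Windows Server 2003 domain controller.

rem 1. Create the filter list (description text is an assumed value).
netsh ipsec static add filterlist name="Block All Telnet" description="Matches Telnet traffic to this computer"

rem 2. Add the filter to the list:
rem    srcaddr=any  -> "Any IP Address"
rem    dstaddr=me   -> "My IP Address"
rem    protocol=TCP, srcport=0 (any source port), dstport=23 (Telnet)
rem    mirrored=yes -> also match the reply direction
netsh ipsec static add filter filterlist="Block All Telnet" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=23 mirrored=yes description="Telnet to this computer"

rem 3. Show the stored list and its filters to confirm address, protocol, port and mirroring.
netsh ipsec static show filterlist name="Block All Telnet" level=verbose
```

The filter list only selects traffic. Nothing is blocked until it is paired with a filter action in a rule of an assigned IPSec policy.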
