Set L2TP over IPSec input filters

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To set L2TP over IPSec input filters

To set L2TP over IPSec input filters, you must configure the filters and select the appropriate filter action.

To add the first L2TP over IPSec input filter

  1. Open Routing and Remote Access.

  2. In the console tree, click General.

    Where? Routing and Remote Access/server name/IP Routing/General

  3. In the details pane, right-click the interface on which you want to add a filter, and then click Properties.

  4. On the General tab, click Inbound Filters.

  5. In the Inbound Filters dialog box, click New.

  6. In the Add IP Filter dialog box, select the Destination network check box.

  7. In IP Address, type the IP address of the interface, and in Subnet mask, type 255.255.255.255.

  8. In Protocol, click UDP.

  9. In Source port, type 0.

  10. In Destination port, type 500, and then click OK.

To add the second L2TP over IPSec input filter

  1. On the General tab, click Inbound Filters.

  2. In the Inbound Filters dialog box, click New.

  3. In the Add IP Filter dialog box, select the Destination network check box.

  4. In IP Address, type the IP address of the interface, and in Subnet mask, type 255.255.255.255.

  5. In Protocol, click UDP.

  6. In Source port, type 0.

  7. In Destination port, type 1701, and then click OK.

To add the third L2TP over IPSec input filter

  1. On the General tab, click Inbound Filters.

  2. In the Inbound Filters dialog box, click New.

  3. In the Add IP Filter dialog box, select the Destination network check box.

  4. In IP Address, type the IP address of the interface, and in Subnet mask, type 255.255.255.255.

  5. In Protocol, click UDP.

  6. In Source port, type 0.

  7. In Destination port, type 4500, and then click OK.

To select the filter action for the input filter

  • In the Inbound Filters dialog box, click Drop all packets except those that meet the criteria below, and then click OK.
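The following Python model is an added example, not part of the original procedure or of Routing and Remote Access itself; it shows which inbound packets the three filters and the selected filter action accept and which they drop. It assumes that a port value of 0 means "any port", and the interface address 203.0.113.10 and the sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY_PORT = 0  # assumption: a port of 0 in a filter matches any port


@dataclass(frozen=True)
class InboundFilter:
    dst_addr: str   # "IP Address" under "Destination network"
    dst_mask: str   # "Subnet mask"; 255.255.255.255 matches one host only
    protocol: str   # "Protocol"
    src_port: int   # "Source port"
    dst_port: int   # "Destination port"

    def matches(self, pkt: dict) -> bool:
        net = ipaddress.ip_network(f"{self.dst_addr}/{self.dst_mask}", strict=False)
        return (
            ipaddress.ip_address(pkt["dst"]) in net
            and pkt["proto"].upper() == self.protocol
            and self.src_port in (ANY_PORT, pkt.get("sport"))
            and self.dst_port in (ANY_PORT, pkt.get("dport"))
        )


def l2tp_ipsec_input_filters(interface_ip: str) -> list:
    # The three filters from the procedure: UDP destination ports 500, 1701, 4500.
    return [InboundFilter(interface_ip, "255.255.255.255", "UDP", 0, port)
            for port in (500, 1701, 4500)]


def inbound_action(filters: list, pkt: dict) -> str:
    # "Drop all packets except those that meet the criteria below"
    return "accept" if any(f.matches(pkt) for f in filters) else "drop"


INTERFACE_IP = "203.0.113.10"  # constructed documentation address
FILTERS = l2tp_ipsec_input_filters(INTERFACE_IP)
SAMPLE_PACKETS = [  # constructed sample traffic
    {"dst": "203.0.113.10", "proto": "UDP", "sport": 500, "dport": 500},
    {"dst": "203.0.113.10", "proto": "UDP", "sport": 51234, "dport": 4500},
    {"dst": "203.0.113.10", "proto": "UDP", "sport": 1701, "dport": 1701},
    {"dst": "203.0.113.10", "proto": "TCP", "sport": 40000, "dport": 3389},
    {"dst": "203.0.113.10", "proto": "UDP", "sport": 53, "dport": 53},
    {"dst": "203.0.113.11", "proto": "UDP", "sport": 500, "dport": 500},
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(inbound_action(FILTERS, pkt), pkt)
```

The last sample packet is dropped even though it targets UDP port 500, because the 255.255.255.255 mask restricts each filter to the interface's own address.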

Note

  • To perform this procedure, you must be a member of the Administrators group. As a security best practice, consider using the Run As command rather than logging on with administrative credentials. If you have logged on with administrative credentials, you can also open Routing and Remote Access by clicking Start, clicking Control Panel, double-clicking Administrative Tools, and then double-clicking Routing and Remote Access. For more information, see Default local groups, Default groups, and Using Run as.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Working with MMC console files
Packet filtering
Add a packet filter
Select the L2TP over IPSec interface
Set L2TP over IPSec output filters