Configure advanced IPSec filter settings

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To configure advanced IPSec filter settings

  1. Create a console containing IP Security Policies. Or, open a saved console file containing IP Security Policies.

  2. Double-click the policy that you want to modify.

  3. Double-click the rule that contains the IP filter list you want to modify.

  4. On the IP Filter List tab, double-click the IP filter list that contains the IPSec filter you want to modify.

  5. In the IP Filter List dialog box, click the filter that you want to modify, and then click Edit.

  6. In IP Filter Properties, click the Protocol tab, and then specify settings for Select a protocol type:

    To filter                              Do this

    Any packets sent on any protocol       Click Any.

    Traffic sent on a specific protocol    Click the protocol.

    Packets sent on a custom protocol      Click Other, and then type the protocol number.

  7. If you chose TCP or UDP, you can also filter packets by the source port.

    • To filter packets sent on any port used by the protocol type that you selected, click From any port.

    • To filter packets sent on a specific port used by the protocol type that you selected, click From this port, and then type the port number.

    If you chose TCP or UDP, you can also filter packets by the destination port.

    • To filter packets received on any port used by the protocol type that you selected, click To any port.

    • To only filter packets received on the port number that you specify, click To this port, and then type the port number.

Caution

  • An erroneous port number might cause communication to be blocked or unsecured. If you are unsure of the correct value, see the Windows Resource Kits in Related Topics.

Notes

  • To manage Active Directory-based IPSec policies, you must be a member of the Domain Admins group in Active Directory, or you must have been delegated the appropriate authority. To manage local or remote IPSec policies for a computer, you must be a member of the Administrators group on the local or remote computer. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. For more information, see Default local groups and Default groups.

  • To create a console containing IP Security Policies, start the IP Security Policies snap-in. To open a saved console file, open MMC. For more information, see Related Topics.

  • For IPSec tunneling, only address-based filters are supported. Protocol-specific and port-specific filters are not supported.
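
The following Python model is an added example, not part of the original topic and not Microsoft code. It represents the Protocol tab settings from steps 6 and 7, checks them against the constraints stated above (ports apply only to TCP or UDP, tunnel rules take address-based filters only), and shows the effect described in the Caution. The names Filter, validate and matches are hypothetical, the Telnet sample is constructed, and addresses, which real IPSec filters also match on, are left out.

```python
from dataclasses import dataclass
from typing import Optional

TCP, UDP, ICMP = 6, 17, 1   # IANA protocol numbers; "Other" takes any number
ANY = None                  # models "Any", "From any port" and "To any port"

@dataclass(frozen=True)
class Filter:               # hypothetical model of the Protocol tab settings
    protocol: Optional[int] = ANY
    src_port: Optional[int] = ANY   # "From this port"
    dst_port: Optional[int] = ANY   # "To this port"
    tunnel: bool = False            # True if the filter is used by a tunnel rule

def validate(f):
    """Return the problems a reviewer can find without knowing the intent."""
    problems = []
    if f.protocol is not ANY and not 0 <= f.protocol <= 255:
        problems.append("protocol number must be 0-255")
    for side, port in (("source", f.src_port), ("destination", f.dst_port)):
        if port is ANY:
            continue
        if f.protocol not in (TCP, UDP):
            problems.append(f"{side} port set but protocol is not TCP or UDP")
        elif not 1 <= port <= 65535:
            problems.append(f"{side} port must be 1-65535")
    if f.tunnel and (f.protocol, f.src_port, f.dst_port) != (ANY, ANY, ANY):
        problems.append("tunnel rules support address-based filters only")
    return problems

def matches(f, protocol, src_port, dst_port):
    """True if a packet's protocol and ports fall under the filter."""
    return (f.protocol in (ANY, protocol)
            and f.src_port in (ANY, src_port)
            and f.dst_port in (ANY, dst_port))

# Constructed sample: the filter is meant to cover Telnet (TCP to port 23).
intended = Filter(TCP, dst_port=23)
mistyped = Filter(TCP, dst_port=32)      # valid settings, wrong port
telnet_packet = (TCP, 49152, 23)         # protocol, source port, destination port

if __name__ == "__main__":
    for name, f in (("intended", intended), ("mistyped", mistyped)):
        print(name, validate(f), matches(f, *telnet_packet))
```

Both filters pass validation, but only the intended one matches the Telnet packet. The mistyped filter leaves that traffic outside the rule, so a syntactic check cannot replace confirming the port number against the service's documentation.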

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Start the IP Security Policy Management snap-in
Open MMC
Add, edit, or remove IPSec filters
Filter list
Working with MMC console files
IPSec Resources