
3.3 Customizing and Configuring the Local Computer IPSec Policy and Rules for Transport Mode

In this video I will configure the local computer IPSec policy and rules for transport mode.


In this lab, you will customize one of the IPSec policies on the server.
  1. Select the File > Add/Remove Snap-In command. When the Add/Remove Snap-In dialog box appears, click the Add button.
  2. In the Add Standalone Snap-In dialog box, scroll through the snap-in list until you see the one marked IP Security Policy Management. Select it and click the Add button.
  3. The Select Computer dialog box appears. Select the Local Computer radio button and then click the Finish button.
  4. Click the Close button in the Add Standalone Snap-In dialog box, and then click the OK button in the Add/Remove Snap-In dialog box.
  5. Select the IP Security Policies On Local Computer node in the MMC. In the right-hand pane of the MMC, right-click the Server (Request Security) policy and choose Properties. The Server (Request Security) Properties dialog box appears.
  6. The All IP Traffic rule is selected by default. Click the Edit button. The Edit Rule Properties dialog box appears.
  7. Switch to the Filter Action tab. Select the Request Security (Optional) filter action and then click the Edit button. The filter action’s Properties dialog box appears.
  8. Click the Add button. When the New Security Method dialog box appears, click the Custom radio button and then click the Settings button.
  9. In the Custom Security Method Settings dialog box, check the Data And Address Integrity Without Encryption (AH) checkbox, and in the drop-down list, select SHA1. Check the Data Integrity and Encryption (ESP) checkbox. Using the drop-down lists under (ESP), set Integrity to SHA1 and Encryption to 3DES.
  10. First check the Generate A New Key Every checkbox and set the key generation interval to 24,000 Kbytes. (Kbytes must be in the range 20,480–2,147,483,647 Kbytes.) Then click the next Generate A New Key Every checkbox and specify a key generation interval of 1800 seconds.
  11. Click the OK button in the Custom Security Method Settings dialog box and then click OK in the New Security Method dialog box.
  12. When the Request Security (Optional) Properties dialog box appears, use the Move Up button to move the custom security method you just defined to the top of the list.
  13. Click the OK button in the Request Security (Optional) Properties dialog box.
  14. Click the Close button in the Edit Rule Properties dialog box and then click the OK button in the Server (Request Security) Properties dialog box.
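
The same security method can be expressed on the command line through the legacy `netsh ipsec static` context. The script below is an added example, not part of the original lab: it creates a separate filter action instead of editing the built-in Request Security (Optional) one. The name `LabAhEspRequest`, the `inpass`/`soft`/`qmpfs` values chosen to approximate request-style behaviour, and the second fallback offer are assumptions.

```powershell
# Added example: scripted counterpart to the lab's custom security method.
# Run from an elevated prompt on a system that provides "netsh ipsec static".

$FilterAction = 'LabAhEspRequest'   # hypothetical name, not from the lab
$LifetimeKB   = 24000               # step 10: new key every 24,000 Kbytes
$LifetimeSec  = 1800                # step 10: new key every 1800 seconds

# Enforce the Kbytes range the lab states before handing the value to netsh.
if ($LifetimeKB -lt 20480 -or $LifetimeKB -gt 2147483647) {
    throw "Kbytes lifetime $LifetimeKB is outside 20,480-2,147,483,647"
}

# Offers are listed in preference order, which is what Move Up controls in
# the GUI (step 12). The first entry is the lab's method: AH with SHA1 plus
# ESP with 3DES encryption and SHA1 integrity.
$offers = @(
    "AH[SHA1]+ESP[3DES,SHA1]:${LifetimeKB}k/${LifetimeSec}s",
    "ESP[3DES,SHA1]:${LifetimeKB}k/${LifetimeSec}s"   # constructed fallback
) -join ' '

# action=negotiate : negotiate security using the offers above
# inpass=yes       : accept unsecured inbound traffic, respond with IPSec (assumed)
# soft=yes         : allow unsecured communication with non-IPSec peers (assumed)
$netshArgs = @(
    'ipsec', 'static', 'add', 'filteraction',
    "name=$FilterAction",
    'action=negotiate',
    'inpass=yes',
    'soft=yes',
    'qmpfs=no',
    "qmsecmethods=$offers"
)
& netsh.exe @netshArgs

# Print the stored filter action so the offer order, algorithms and
# lifetimes can be compared with what the lab configures in the dialog.
& netsh.exe ipsec static show filteraction "name=$FilterAction" level=verbose
```

The filter action is only created in the local policy store; it has no effect until it is attached to a rule in an assigned policy.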