In Part I of this article, we started to look at how to edit a predefined IPSec policy in Vista. An element of this process may include editing or creating IPSec rules.

Creating an IPSec rule is relatively simple because the Create IP Security Rule Wizard walks you through the process. You can launch the wizard from the Rules tab within the IPSec policy’s properties window.

On the first page of the Wizard, you’ll be asked whether to specify a tunnel endpoint (and the IP address of the endpoint if you elect to use tunneling). The next page of the Wizard prompts you to select an IP filter list for the type of IP traffic to which the rule will apply. You can apply the rule to all ICMP traffic or to all IP traffic. Alternatively, you can click the Add button to create a custom list (this selection brings up another Wizard within the Wizard: the IP Filter Wizard).

Next, you select a filter action. The default actions are:

  • Permit (this option permits unsecured IP packets)
  • Request security (optional)
  • Require security

The next page of the Wizard lets you choose the network type(s) to which the rule must be applied: LAN, remote access, or (the default) all network connections.

Next, you can choose the initial authentication method. The default is Active Directory (Kerberos v5). However, Kerberos can only be used if the computer is a member of a domain. If it’s not, you’ll need to select another method. Alternatively, you can choose to use a certificate (you’ll have to specify the issuing certification authority) or a preshared key (in which case you must enter the character string that makes up the key).

This completes the Wizard, and when you click Finish, your new rule will appear in the IP Security rules list on the Rules tab of the policy’s properties sheet. You can check or uncheck it to specify whether it is to be used.

Once you are finished editing your policy, you can close the properties window. The final step will be to assign the policy.
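The same steps the Wizard walks you through can be scripted in the netsh ipsec static context, the command-line counterpart of the IP Security Policy snap-in. The batch script below is an added example, not part of this article; the policy, filter-list, filter-action and rule names and the 192.0.2.10 server address are constructed, and it assumes an elevated command prompt on a domain-joined Vista computer (so Kerberos authentication applies).

```batch
@echo off
REM Added example (not from the article): each netsh command below maps to one
REM page of the Create IP Security Rule Wizard. Names and addresses are constructed.
REM Run from an elevated command prompt.

REM A policy to hold the rule; the article edits a predefined policy, here a new,
REM unassigned one is created so nothing takes effect until the final step.
netsh ipsec static add policy name="Example Policy" description="Scripted IPsec policy" assign=no

REM Wizard page "IP filter list": the Add button path, i.e. a custom list instead
REM of All ICMP / All IP traffic. Here: all TCP traffic between this host and the
REM constructed server address, mirrored so replies are matched too.
netsh ipsec static add filterlist name="TCP to app server" description="Constructed filter list"
netsh ipsec static add filter filterlist="TCP to app server" srcaddr=me dstaddr=192.0.2.10 protocol=TCP mirrored=yes

REM Wizard page "Filter action": negotiate security and never fall back to
REM cleartext (soft=no, inpass=no). "Request security (optional)" is soft=yes.
netsh ipsec static add filteraction name="Require security" action=negotiate soft=no inpass=no

REM Wizard pages "Tunnel endpoint" (none given: transport mode), "Network type"
REM (conntype=all) and "Authentication method" (kerberos=yes; a computer that is
REM not a domain member would use rootca= or psk= instead).
netsh ipsec static add rule name="Secure app traffic" policy="Example Policy" filterlist="TCP to app server" filteraction="Require security" conntype=all kerberos=yes activate=yes

REM Equivalent of ticking the rule's check box and then assigning the policy.
netsh ipsec static set policy name="Example Policy" assign=yes

REM Verify what was created before trusting it.
netsh ipsec static show policy name="Example Policy" level=verbose
```

Because soft=no disallows unsecured fallback, a peer that cannot negotiate IPsec will lose connectivity to 192.0.2.10, so test with assign=no and the verbose listing before assigning.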
