How IPSec Works

Navigation: Main page » Addiction & Rehabilitation

 Print this page Submit articleComment article

The Ultimate Facebook Marketing Guide
Hey there, Ever want to know how to get a lot more people interested in buying your products and services with Facebook? I know I have, but it’s never been easy to understand. Until now. Check this video out to see what I mean: Amy Porterfield is the co-author of “Facebook Marketing All in One For Dummies” and in this video she show you how simple it is to: •Get more fans interested in your products/services •Turn average fans into Super Fans •Make those Super Fans become customers for life •And a lot more... Watch this video to hear what all the rave is about for this training: You don’t want to miss out on learning how to maximize Facebook... take action now and watch this video:

Author: endeavor03

IPSec is implemented via the creation and assignment of IP Security policies. These policies can be created at the local level or established as part of a Group Policy object (GPO). When they are part of a GPO, they are applied to all computers whose account is within the site, domain, or organizational unit (OU) to which the GPO is linked. Policies are complex, and designing the correct policy for a specific situation requires knowledge of how policies work and the specifics of the parameters that can be configured. This is how IPSec •works:

1, When assigned, IPSec policies are used only when triggered by the filters included within them. Filters are designations of computers, ports, protocols, and so forth. For example, an IPSec policy might include a rule with a filter on the destination TCP port 23. If the policy is assigned on the computer belonging to a user named Jeff, when Jeff attempts to make a Telnet connection to server 192.168.7.56, the policy is activated. MCSE Certification

2. What happens next depends on the filter action selected in the policy. Filter actions available are block, permit, or negotiate.

If the filter action selected is block, all packets bound for TCP port 23 will be dropped.

If the filter action is permit, packets bound for port 23 will be allowed.

If the filter action is negotiate, Jeffs computer will attempt to negotiate a connection by using the specifics included in the policy. If the computer 192.168.7.56 has an IPSec policy assigned and it has a compatible |i|le, negotiate will probably be successful and Jeff will be able to connect to the computer. However, if no policy is assigned on the remote computer or the policy is not compatible, no connection will occur. MCSE

Elements of an IPSec Policy

Each IPSec policy has the following elements:

One or more rules. A rule is a collection of filters. Each rule can contain multiple

filters but only a single filter action. If multiple actions are involved—such as

"block all telnet, but negotiate a Telnet connection from computer at

192.168.7.33" two rules are required.

A filter list. Each rule can have multiple filters. Filters specify information about the source and destination computers. Filters also provide information about the protocol, including source and destination ports, source and destination IP addresses, and source and destination mask.

Filter action. Each rule must have one and only one filter action. The filter actionis taken if the policy is triggered because of something in the filter list. If a filter list contains filters that include the destination port on the local computer for telnet ftpand nntp and a filter action of block, any traffic received that is destined for these ports is dropped.

General configuration. Each policy can be configured to use specific protocolsfor integrity and authentication. Likewise, they must indicate things such asauthentication type, frequency of key change, and Diffie-Hellman group (strength of key used to secure the Quick Mode negotiation).

How Internet Protocol Filters Are Created

There are several tools that can be used to create an Internet Protocol filter, but the basic process is the same:

Note Tools that can be used to create Internet Protocol Filters and IPSec Negotiation policy are

The netsh command line tool

The IP Security Policy Management MMC snap-in

The IP Security Policies on Active Directory container in a GPO

The IP Security Policies on the Local Computer container in a Local Group Policy

1. Create the IPSec policy on a test computer:

a. Create a blocking rule or a permit rule.

b. Create a filter that indicates the source address of the packet that will trigger the rule, the destination address of the computer or computers that will block or permit traffic, and the protocol type and port.

c. Create a filter action (either block or permit).

d. Add as many filters as are required.

important Only one filter action is possible per rule. Therefore, if you require blocking and permitting Internet Protocol Filter, you must create two rules in the policy one for blocking and one for permitting.

2. Assign the policy on the test computer.

3. Test the policy.

4. If the policy works, deploy the policy in the production network as required.