Re: netsh ipsec command. an easier way?

From: Panda (brisk)
Date: 10/09/03

• Next message: Stefan Berglund: "Re: ** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.10.08"
• Previous message: Chaitanya D. Upadhyay [MS]: "Re: Failed to install"
• In reply to: Chris: "netsh ipsec command. an easier way?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 9 Oct 2003 13:51:56 -0400

Don't know of any, here is an example of netsh usage to block any incoming
traffic:

netsh ipsec static add policy name="Security Policy" description="Some
Policy" assign=no

netsh ipsec static add filter filterlist="ALL Inbound Traffic" srcaddr=any
dstaddr=me description="ALL Inbound Traffic" protocol=any srcport=0
dstport=0

netsh ipsec static add filteraction name=Block description="Blocks Traffic"
action=block

netsh ipsec static add rule name="ALL Inbound Traffic Rule" policy="Security
Policy" filterlist="ALL Inbound Traffic" kerberos=yes filteraction=Block

I think it's nice that everything is verbose and can be easily understood.

"Chris" <cf_rich@hotmail.com> wrote in message
news:d97e530f.0310090918.2e134f4c@posting.google.com...
> Hi,
>
> I'm in the process of implementing ipsec filtering on my 2003 servers.
> I'm used to using ipsecpol.exe or ipseccmd.exe which allowed you to
> add the rules, policy, filter, and filteraction in pretty much one
> command-line for each rule. I notice with 'netsh ipsec' that I need
> to add everything individually which makes for a fairly long an
> complicated batch file. Is there no way to add rules like the old
> simple syntax?
>
> i.e. ipsecpol.exe -w REG -p "Security Policy" -r "AllowRDP-in" -f
> *+10.255.254.43:3389:TCP -n PASS
>
> Thanks for any input.
>
> Chris

---

• Next message: Stefan Berglund: "Re: ** READ THIS BEFORE POSTING - answers to frequently asked questions 2003.10.08"
• Previous message: Chaitanya D. Upadhyay [MS]: "Re: Failed to install"
• In reply to: Chris: "netsh ipsec command. an easier way?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages netsh ipsec command. an easier way? ... I'm in the process of implementing ipsec filtering on my 2003 servers. ... add the rules, policy, filter, and filteraction in pretty much one ... (microsoft.public.security) Re: IP Filtering ... Ipsec filtering, though not meant to replace a perimeter firewall, would probably be ... Policy in a domain or by exporting/importing the policies. ... > ready to apply the same kind of port filters on my other servers. ... (microsoft.public.win2000.security) Re: Unable to login into SBS 2003 Domain server ... Microsoft Windows Operating System Group Policy Result tool v2.0 ... Small Business Server Auditing Policy ... Filtering: Denied ... (microsoft.public.windows.server.active_directory) Re: Slow Logon related to groups - Update! ... Group Policy processing aborted. ... Small Business Server Windows Firewall ... Filtering: Denied ... (microsoft.public.windows.server.sbs) Re: Events 1006 (Userenv), 1030 (Userenv), 9153 (MSExchangeSA) on 2003 Server ... Check Group Policy security settings - verified, ... Small Business Server Auditing Policy ... Filtering: Denied ... (microsoft.public.windows.server.sbs)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.security  > 2003-10