
netsh ipsec command. an easier way?

Chris

Oct 9, 2003, 1:18:32 PM
Hi,

I'm in the process of implementing ipsec filtering on my 2003 servers.
I'm used to using ipsecpol.exe or ipseccmd.exe which allowed you to
add the rules, policy, filter, and filteraction in pretty much one
command-line for each rule. I notice with 'netsh ipsec' that I need
to add everything individually which makes for a fairly long and
complicated batch file. Is there no way to add rules like the old
simple syntax?

i.e. ipsecpol.exe -w REG -p "Security Policy" -r "AllowRDP-in" -f *+10.255.254.43:3389:TCP -n PASS

Thanks for any input.

Chris

Panda

Oct 9, 2003, 1:51:56 PM
Don't know of any, here is an example of netsh usage to block any incoming
traffic:

netsh ipsec static add policy name="Security Policy" description="Some Policy" assign=no

netsh ipsec static add filter filterlist="ALL Inbound Traffic" srcaddr=any dstaddr=me description="ALL Inbound Traffic" protocol=any srcport=0 dstport=0

netsh ipsec static add filteraction name=Block description="Blocks Traffic" action=block

netsh ipsec static add rule name="ALL Inbound Traffic Rule" policy="Security Policy" filterlist="ALL Inbound Traffic" kerberos=yes filteraction=Block

I think it's nice that everything is verbose and can be easily understood.

"Chris" <cf_...@hotmail.com> wrote in message
news:d97e530f.03100...@posting.google.com...
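An added example, not written by either poster: one way to keep the batch file short is to wrap the per-rule netsh steps in a subroutine, so each rule is again a single line. The `:rule` label, its argument order, the "Permit" filter action name and the reuse of the rule name as the filter list name are choices made for this example; the mapping of Chris's `*+10.255.254.43:3389:TCP -n PASS` to any-address source, mirrored filter and a permit action is this example's reading of the ipsecpol syntax.

```batch
@echo off
rem Added example: one-line-per-rule wrapper around "netsh ipsec static".
setlocal
set "POLICY=Security Policy"

rem One-time objects: the policy and the two filter actions the rules refer to.
netsh ipsec static add policy name="%POLICY%" description="Some Policy" assign=no
netsh ipsec static add filteraction name=Permit description="Allows Traffic" action=permit
netsh ipsec static add filteraction name=Block description="Blocks Traffic" action=block

rem          name                   src  dst            proto sport dport action
call :rule   "AllowRDP-in"          any  10.255.254.43  TCP   0     3389  Permit
call :rule   "ALL Inbound Traffic"  any  me             any   0     0     Block

endlocal
goto :eof

rem ---------------------------------------------------------------------------
rem :rule name src dst protocol srcport dstport filteraction
rem Creates a mirrored filter in a filter list named after the rule, then adds
rem the rule that ties that filter list to an existing filter action.
rem ---------------------------------------------------------------------------
:rule
netsh ipsec static add filter filterlist=%1 srcaddr=%2 dstaddr=%3 protocol=%4 srcport=%5 dstport=%6 mirrored=yes description=%1
netsh ipsec static add rule name=%1 policy="%POLICY%" filterlist=%1 kerberos=yes filteraction=%7
goto :eof
```

The policy is created with assign=no, as in the reply above, so nothing is enforced until the policy is assigned and the rule set can be reviewed first.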
