I'm in the process of implementing ipsec filtering on my 2003 servers.
I'm used to using ipsecpol.exe or ipseccmd.exe which allowed you to
add the rules, policy, filter, and filteraction in pretty much one
command-line for each rule. I notice with 'netsh ipsec' that I need
to add everything individually which makes for a fairly long and
complicated batch file. Is there no way to add rules like the old
simple syntax?
i.e. ipsecpol.exe -w REG -p "Security Policy" -r "AllowRDP-in" -f *+10.255.254.43:3389:TCP -n PASS
Thanks for any input.
Chris
netsh ipsec static add policy name="Security Policy" description="Some Policy" assign=no
netsh ipsec static add filter filterlist="ALL Inbound Traffic" srcaddr=any dstaddr=me description="ALL Inbound Traffic" protocol=any srcport=0 dstport=0
netsh ipsec static add filteraction name=Block description="Blocks Traffic" action=block
netsh ipsec static add rule name="ALL Inbound Traffic Rule" policy="Security Policy" filterlist="ALL Inbound Traffic" kerberos=yes filteraction=Block
I think it's nice that everything is verbose and can be easily understood.
"Chris" <cf_...@hotmail.com> wrote in message
news:d97e530f.03100...@posting.google.com...
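
Added example, not part of either post: a small translator that turns ipsecpol lines of the form shown in the question into the four netsh commands used in the reply, so an existing batch file can be converted rather than rewritten by hand. It assumes the ipsecpol filter form src(+|=)dst:port:proto with * for any address and 0 for the local machine, handles only PASS and BLOCK, and the function names are hypothetical.

```python
import shlex

ACTIONS = {"PASS": "permit", "BLOCK": "block"}   # ipsecpol -n -> netsh action
NETSH = "netsh ipsec static add "                # -w REG is the static store

def parse_filter(spec):
    """Parse 'src[:port](+|=)dst[:port[:proto]]'; '+' means mirrored (assumed form)."""
    if "/" in spec:
        raise ValueError("subnet masks are not handled in this example")
    sep = "+" if "+" in spec else "="
    src, found, dst = spec.partition(sep)
    if not found:
        raise ValueError("no '=' or '+' in filter: " + spec)
    names = {"*": "any", "0": "me"}               # ipsecpol address shorthands
    s = src.split(":") + [""]                     # pad so missing fields are ""
    d = dst.split(":") + ["", ""]
    return {"srcaddr": names.get(s[0], s[0]), "srcport": s[1] or "0",
            "dstaddr": names.get(d[0], d[0]), "dstport": d[1] or "0",
            "protocol": d[2] or "any",
            "mirrored": "yes" if sep == "+" else "no"}

def translate(lines):
    """Return netsh commands for ipsecpol lines that use -p, -r, -f and -n."""
    out = []
    def emit(cmd):                                # policy and action lines repeat
        if cmd not in out:
            out.append(cmd)
    for line in lines:
        tok = shlex.split(line)
        opt = dict(zip(tok[1::2], tok[2::2]))     # flag -> value pairs
        f = parse_filter(opt["-f"])
        action = ACTIONS[opt["-n"].upper()]
        emit(NETSH + 'policy name="%s" assign=no' % opt["-p"])
        emit(NETSH + 'filter filterlist="{r}" srcaddr={srcaddr} dstaddr={dstaddr} '
             'protocol={protocol} mirrored={mirrored} srcport={srcport} '
             'dstport={dstport}'.format(r=opt["-r"], **f))
        emit(NETSH + 'filteraction name="%s" action=%s' % (action, action))
        emit(NETSH + 'rule name="{r}" policy="{p}" filterlist="{r}" '
             'filteraction="{a}" kerberos=yes'.format(r=opt["-r"], p=opt["-p"], a=action))
    return out

if __name__ == "__main__":
    # The one-liner from the question above.
    for cmd in translate(['ipsecpol.exe -w REG -p "Security Policy" '
                          '-r "AllowRDP-in" -f *+10.255.254.43:3389:TCP -n PASS']):
        print(cmd)
```

The policy is emitted with assign=no, as in the reply, so nothing takes effect until the policy is assigned.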