Lesson 3
Deploying IPSec
13. Click the Filter Action tab.
Notice that the Require Security option button is selected in the Filter Actions list.
14. Click the Authentication Methods tab.
Notice that the policy is configured to use Kerberos for authentication.
15. Click OK to close the Edit Rule Properties dialog box.
16. Click OK to close the Secure Server (Require Security) Properties dialog box.
Exercise 2: Creating a New IPSec Policy
In this exercise, you use the IP Security Policies snap-in to create a new IPSec policy on the computer.
1. In the console you created in Exercise 1, select the IP Security Policies On Local Computer heading in the scope pane and, from the Action menu, select Create IP Security Policy. The IP Security Policy Wizard appears.
2. Click Next. The IP Security Policy Name page appears.
3. In the Name text box, type Web Server Security and then click Next. The Requests for Secure Communication page appears.
4. Click Next to accept the default Activate The Default Response Rule setting. The Default Response Rule Authentication Method page appears.
The default authentication method for Active Directory systems is Kerberos V5 protocol, but on this page, you could elect to use a digital certificate or a pre-shared key in the form of a character string that you supply to all the computers involved in secured communications.
5. Click Next to accept the default Active Directory Default (Kerberos V5 Protocol) option button. The Completing The IP Security Policy Wizard page appears.
6. Make sure the Edit Properties check box is selected, and then click Finish. The Web Server Security Properties dialog box appears.
7. In the Rules tab, make sure that the Use Add Wizard check box is selected, and then click Add. The Security Rule Wizard appears.
8. Click Next. The Tunnel Endpoint page appears.
On this page, you specify whether you want IPSec to run in transport mode or tunnel mode. To use tunnel mode, you must specify the IP address of the system functioning as the tunnel endpoint. This is usually a router that provides a WAN connection to a remote site.
9. Click Next to accept the default This Rule Does Not Specify A Tunnel option button. The Network Type page appears.