Creating an IPSec Policy

Creating an IPSec Policy
IPSec policies are managed through the IP Security Policy Management extension of the Security Settings extension, which is itself an extension of the Group Policy snap-in for Microsoft Management Console (MMC). If you're using Windows XP Professional or Windows 2000, the easiest way to locate this extension is to open the Local Security Settings console: In Control Panel, open Administrative Tools (in the Performance And Maintenance category), Local Security Policy. Alternatively, type secpol.msc at a command prompt.

If you use Windows XP Home Edition, the Local Security Settings console is not available. To set up a console with the IPSec Security Policy Management snap-in, follow these steps:

At a command prompt, type mmc to open Microsoft Management Console.
Choose File, Add/Remove Snap-In (or press Ctrl+M).
In the Add/Remove Snap-In dialog box, click Add.
Select IP Security Policy Management and click Add.
In the Select Computer Or Domain dialog box, select Local Computer. Click Finish.
In the Add Standalone Snap-In dialog box, click Close. In the Add/Remove Snap-In dialog box, click OK.
Regardless of how you display the IP Security Policies extension in MMC, you need to select IP Security Policies On Local Computer in the tree pane in order to work with IPSec policies.

The user interface for creating IPSec policies can be a bit confusing. It provides property dialog boxes for the policy, each rule, each filter list, and each action. You must use one wizard but can use as many as four wizards. Use the IP Security Policy Wizard to create the shell for your new policy. From there, you can add rules to the policy and then add filter lists and filter actions to the rules—either by running wizards or by editing the properties dialog boxes for the rules, filter lists, and filter actions directly. The following sections