IPSEC Firewall windows 2000

I created an ipsec firewall on windows 2000.  Is there a way for me to export that so I can put it on multiple machines?


Who is Participating?
Rich RumbleConnect With a Mentor Security SamuraiCommented:
Yes... but a word of caution... the IPSEC firewall is eaily by-passed if you bind your source port to port 88 or 500
This is by design... and not a flaw (recently M$ has intorduced ways that prevent this now, sp4 and sp2 for XP)
So someone with  port scanner like Nmap can scan your box by using the following
nmap -sS -g 88 -P0 ip.ip.ip.ip -vv
They would see all the ports that were open, can could use any number of ways to bind their src port to 88,500,46 and get past the firewall.

To export your IPSEC rules, open Secpol.msc (go to the Run line, them type  "secpol.msc" press eter)
-->Highlight<-- "IP Security Policies for Local..." and then go to Action, and you'll see Export List, this will open a window for you to save the list (all policies) and you can specify how they will be saved, Tab Delimited, or Comma... if you want to save just one or two of the rules, you'll have to delete the ones you don't want... I export all, then delete what I do not want- that way there is a backup of the defaults, and the others.
rjohnsonjrAuthor Commented:
Thanks for your help!  I will definately following with that article :-)

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.