Help with IP security policy

    Question

  • I'm working on a Windows Server 2012 Standard machine and am trying to create an IP security policy rule. On Windows Server 2008 I could block IP addresses from the internal LAN on a machine running RRAS, DHCP and DNS, but now if I assign a new IP security policy it does not affect the LAN, only the server computer. Someone help please.
    Saturday, December 14, 2013 2:54 AM

Answers

  • Hi,

    Sorry to say that I am not clear about your needs. Did you mean that the older IPsec policy didn’t work after creating a new one? If I misunderstood anything, please feel free to let me know, and I would appreciate it if you could provide more detailed information.

    Please note that only one policy can be assigned to a computer at a time. Assigning another policy will automatically unassign the currently assigned policy. In addition, you must create a mirrored policy on the other computer and assign that policy to that computer if you want to assign a computer-to-computer IPsec policy. You need to use Group Policy if you want to assign a policy to many computers.

    More information:

    How to Block an IP Address using IPSec

    https://www.serverintellect.com/support/windowsserversecurity/ipsec-blockip/

    Note: Microsoft is providing this information as a convenience to you. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

    Best regards,

    Susie

    Monday, December 16, 2013 8:26 AM
    Moderator
  • As Susie has suggested, you need to use a GPO to apply the policy to a specific set of computers.

    You can create an OU and apply the GPO.

    But how did you apply the IPsec policy?

    Check out this link:

    http://support.microsoft.com/kb/813878/en-us


    Every second counts..make use of it. Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Monday, December 16, 2013 8:50 AM
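
The block-by-address policy these answers refer to, written out with `netsh ipsec static` from an elevated PowerShell prompt. This is an added example, not code from the thread or the linked articles; the policy, filter list, action and rule names and the address 10.0.0.50 are placeholders.

```powershell
# Added example: every name and the address below are placeholders.
$PolicyName = 'BlockHostPolicy'     # hypothetical policy name
$FilterList = 'BlockHostFilters'    # hypothetical filter list name
$ActionName = 'BlockAction'         # hypothetical filter action name
$RuleName   = 'BlockHostRule'       # hypothetical rule name
$BlockedIp  = '10.0.0.50'           # constructed sample address

# Helper (not part of netsh): run one "netsh ipsec static" command and stop
# the script if netsh reports a non-zero exit code.
function Invoke-IpsecStatic {
    netsh ipsec static @args
    if ($LASTEXITCODE -ne 0) { throw "netsh ipsec static $args failed" }
}

# Only one policy can be assigned to a computer at a time, so list the
# existing policies (and which one is assigned) before replacing anything.
Invoke-IpsecStatic show policy all

# 1. Create the policy container.
Invoke-IpsecStatic add policy name=$PolicyName

# 2. Create a filter list that matches traffic between the blocked address
#    and "me" (this computer's own addresses), in both directions.
Invoke-IpsecStatic add filterlist name=$FilterList
Invoke-IpsecStatic add filter filterlist=$FilterList srcaddr=$BlockedIp dstaddr=me protocol=any mirrored=yes

# 3. Create a filter action that drops matching packets.
Invoke-IpsecStatic add filteraction name=$ActionName action=block

# 4. Tie the filter list and the action together in a rule of the policy.
Invoke-IpsecStatic add rule name=$RuleName policy=$PolicyName filterlist=$FilterList filteraction=$ActionName

# 5. Assign the policy. Whatever policy was assigned before is unassigned.
Invoke-IpsecStatic set policy name=$PolicyName assign=yes

# 6. Confirm the rule, filter and assignment state.
Invoke-IpsecStatic show policy name=$PolicyName level=verbose
```

To revert, run `netsh ipsec static set policy name=BlockHostPolicy assign=no` and reassign the previous policy by name.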
