An IPSec policy consists of a set of filters, filter actions, and rules.
A filter consists of:
A source IP address or range of addresses.
A destination IP address or range of addresses.
An IP protocol, such as TCP, UDP, or “any.”
Source and destination ports (for TCP or UDP only).
Filters can also be mirrored. A mirrored filter matches traffic in both directions: packets from the specified source to the specified destination, and the reply packets with the source and destination addresses (and ports) swapped. One mirrored filter therefore covers both halves of a conversation between a client and a server, without a second filter for the return traffic.
A filter action specifies what to do with traffic that matches a filter. It can be one of the following:
Permit. The traffic is not secured; it is allowed to be sent and received without intervention.
Block. The traffic is not permitted.
Negotiate security. The endpoints must agree on and then use a secure method (an IPSec security association) to communicate. The filter action also specifies what happens if negotiation fails, for example because the peer is not IPSec-aware: you can allow the communication to fall back to unsecured traffic, or block all communication with that peer. Blocking is the safer choice; allowing the fallback means an attacker who simply does not answer the negotiation gets cleartext.
A rule associates a filter (or a list of filters) with a filter action. In Windows, a rule also carries the authentication method the endpoints use when security is negotiated.
A mirrored policy is one whose rules also apply to packets with the exact reverse of the specified source and destination IP addresses. A mirrored policy is created in this How To.
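The structure described above (policy, filter list with a mirrored filter, filter actions, and a rule that ties them together), as an added example that is not part of the original How To. It uses the `netsh ipsec static` context available on Windows XP SP2 / Server 2003 and later; the How To itself may use the IP Security Policy MMC snap-in instead. The policy, filter list and action names, and the choice of TCP port 1433 as the filtered port, are assumptions made for illustration. Run it from an elevated prompt and check each command's parameter names against `netsh ipsec static add filter ?` on your own build before relying on it.

```powershell
# Added example, not code from the original How To. Builds an IPSec policy that
# blocks inbound TCP 1433 to this computer using the netsh ipsec static context.
# Names are kept free of spaces so they pass through PowerShell to netsh unquoted.
$policy = "SQLPortFilter"         # assumed policy name
$list   = "TCP1433Inbound"        # assumed filter list name
$action = "BlockInbound"          # assumed filter action name

# 1. Policy: the container that holds the rules.
netsh ipsec static add policy name=$policy description=BlocksInboundTCP1433

# 2. Filter list with one mirrored filter.
#    srcaddr=any dstaddr=me : any host -> this computer, TCP, any source port, port 1433.
#    mirrored=yes           : the same filter also matches this computer -> any host,
#                             i.e. the reply direction, so no second filter is needed.
#    srcport=0 means "any source port".
netsh ipsec static add filterlist name=$list
netsh ipsec static add filter filterlist=$list srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=1433 mirrored=yes

# 3. Filter actions. action= is one of permit, block, negotiate.
netsh ipsec static add filteraction name=$action action=block

#    A negotiate action for comparison (not attached to a rule here).
#    soft=no   : do NOT fall back to unsecured traffic when negotiation fails.
#    inpass=no : do not accept unsecured inbound packets while negotiating.
#    soft=yes would be the "allow unsecured communication" choice the text describes.
netsh ipsec static add filteraction name=RequireSecurity action=negotiate soft=no inpass=no

# 4. Rule: associates the filter list with the filter action inside the policy.
#    Authentication defaults to Kerberos; it is irrelevant for a block action.
netsh ipsec static add rule name=BlockTCP1433 policy=$policy filterlist=$list filteraction=$action

# 5. Assign the policy. Only one local IPSec policy can be assigned at a time,
#    so assigning this one unassigns any policy that was active before.
netsh ipsec static set policy name=$policy assign=y

# Verify: the verbose listing shows the rule, the mirrored filter and the action.
netsh ipsec static show policy name=$policy level=verbose
```

Because the filter is mirrored, the single `add filter` line is enough for the server to block both the inbound SYN and anything it would send back on that flow. To undo the change, unassign with `assign=n` and delete the policy with `netsh ipsec static delete policy name=$policy`; deleting the policy does not remove the filter list or filter actions, which are reusable objects.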