affic from NetA needs to be routed to NetB or when traffic from NetB needs to be routed to NetA so traffic is routed over a secure session.
You need to configure an IPSec policy. You must build two filters: one to match packets going from NetA to NetB (tunnel 1), and one to match packets going from NetB to NetA (tunnel 2). You also need to configure a filter action to specify how the tunnel should be secured. A tunnel is represented by a rule, so two rules are created.
How to Create IPSec Policy
Typically, a Windows 2000 gateway is not a member of a domain, so a local IPSec policy is created. If the Windows 2000 gateway is a member of a domain that applies IPSec policy to all members of the domain by default, this prevents the Windows 2000 gateway from having a local IPSec policy. In this case, you can create an Organizational Unit (OU) in Active Directory, make the Windows 2000 gateway a member of this OU, and assign the IPSec policy to the Group Policy Object (GPO) of the OU. For more information, refer to the "Assigning IPSec Policy" section of Windows 2000 online help.
- Use the MMC to work on the IP Security Policy Management snap-in (a quick way to load this is to click Start, click Run, and then type secpol.msc).
- Right-click IP Security Policies on Local Machine, and then click Create IP Security Policy.
- Click Next, and then type a name for your policy (for example, IPSec Tunnel with third-party Gateway).
NOTE: You can also type more information in the Description box.
- Click to clear the Activate the default response rule check box, and then click Next.
- Click Finish (keep the Edit check box selected).
NOTE: The IPSec policy is created with default settings for the IKE main mode (phase 1) on the General tab, in Key Exchange. The IPSec tunnel consists of two rules, each of which specifies a tunnel endpoint. Because there are two tunnel endpoints, there are two rules. The filters in each rule must represent the source and destination IP addresses in IP packets that are sent to that rule's tunnel endpoint.
How to Build a Filter List from NetA to NetB
- In the new policy properties, click to clear the Use Add Wizard check box, and then click Add to create a new rule.
- On the IP Filter List tab, click Add.
- Type an appropriate name for the filter list, click to clear the Use Add Wizard check box, and then click Add.
- In the Source address area, click A specific IP Subnet, and then fill in the IP Address and Subnet mask boxes to reflect NetA.
- In the Destination address area, click A specific IP Subnet, and fill in the IP Address and Subnet mask boxes to reflect NetB.
- Click to clear the Mirrored check box.
- On the Protocol tab, make sure the protocol type is set to Any, because IPSec tunnels do not support protocol-specific or port-specific filters.
- If you want to type a description for your filter, click the Description tab. It is generally a good idea to give the filter the same name you used for the filter list. The filter name is displayed in the IPSec monitor when the tunnel is active.
- Click OK, and then click Close.
How to Build a Filter List from NetB to NetA
- On the IP Filter List tab, click Add.
- Type an appropriate name for the filter list, click to clear the Use Add Wizard check box, and then click Add.
- In the Source address area, click A specific IP Subnet, and then fill in the IP Address and Subnet mask boxes to refl
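The same policy, both non-mirrored filter lists, the filter action and the two tunnel rules expressed at the command line, as an added example that is not part of the original article. It assumes the netsh ipsec static context (Windows XP / Server 2003 and later; Windows 2000 itself has only the MMC snap-in), and all subnet and gateway addresses, names and the pre-shared key are constructed placeholders.

```powershell
# Added example (not from the original article). Names contain no spaces so
# that PowerShell passes each name=value token to netsh unchanged.
$NetA      = '192.0.2.0';    $NetAMask = '255.255.255.0'   # constructed: subnet behind this gateway
$NetB      = '198.51.100.0'; $NetBMask = '255.255.255.0'   # constructed: subnet behind the third-party gateway
$GwAPublic = '203.0.113.1'                                  # constructed: this gateway's external address
$GwBPublic = '203.0.113.2'                                  # constructed: third-party gateway's external address
$Policy    = 'ThirdPartyTunnel'
$Psk       = 'REPLACE-WITH-STRONG-PRESHARED-KEY'            # placeholder; prefer certificates (rootca=) where both ends support them

# Policy with the default response rule disabled (the "Activate the default response rule" check box cleared).
netsh ipsec static add policy name=$Policy activatedefaultrule=no

# Filter list 1: NetA -> NetB. Not mirrored, protocol Any (tunnels do not support protocol- or port-specific filters).
netsh ipsec static add filterlist name=NetA-to-NetB
netsh ipsec static add filter filterlist=NetA-to-NetB srcaddr=$NetA srcmask=$NetAMask dstaddr=$NetB dstmask=$NetBMask protocol=ANY mirrored=no description=NetA-to-NetB

# Filter list 2: NetB -> NetA, again not mirrored.
netsh ipsec static add filterlist name=NetB-to-NetA
netsh ipsec static add filter filterlist=NetB-to-NetA srcaddr=$NetB srcmask=$NetBMask dstaddr=$NetA dstmask=$NetAMask protocol=ANY mirrored=no description=NetB-to-NetA

# Filter action: negotiate ESP and never fall back to clear text (inpass=no, soft=no).
# 3DES/SHA1 are the strongest algorithms this legacy context offers.
netsh ipsec static add filteraction name=RequireESP action=negotiate inpass=no soft=no qmsecmethods=ESP[3DES,SHA1]

# Rule 1 (tunnel 1): packets NetA -> NetB are sent to the remote gateway's tunnel endpoint.
netsh ipsec static add rule name=Tunnel1 policy=$Policy filterlist=NetA-to-NetB filteraction=RequireESP tunnel=$GwBPublic conntype=all kerberos=no psk=$Psk
# Rule 2 (tunnel 2): packets NetB -> NetA arrive at this gateway's own tunnel endpoint.
netsh ipsec static add rule name=Tunnel2 policy=$Policy filterlist=NetB-to-NetA filteraction=RequireESP tunnel=$GwAPublic conntype=all kerberos=no psk=$Psk

# Assign the policy, then verify that both rules and their tunnel endpoints are present.
netsh ipsec static set policy name=$Policy assign=y
netsh ipsec static show policy name=$Policy level=verbose
```

Check the output of the final show command for the two rules and confirm that each filter appears once, unmirrored, with its source and destination subnets in the expected direction.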