Any MOM Computer

To create a policy using a specific IP address

  1. In the IPSec snap-in, right-click in either the console tree or the results pane, and then click Create IP Security Policy.

  2. In the IP Security Policy Wizard, click Next.

  3. Enter a name and (optional) a description for the policy. The policy is the container for all the filters and rules.

  4. Clear the Activate the default response rule check box, and then click Next.

  5. Make sure that the Edit properties check box is selected, and then click Finish.

  6. In the Policy Name Properties dialog box, make sure the Dynamic IP Security Rule check box is cleared.

  7. Make sure the Use Add Wizard check box is cleared, and then click Add to add a new rule.

  8. On the IP Filter List tab of the New Rule Properties dialog box, click Add.

  9. In the IP Filter List dialog box, enter a name and a description (optional) for the filter list.

  10. Click Add to create a filter list.

  11. In the Filter Properties dialog box, select the My IP Address option from the drop-down list if you are on the specific computer you want to create the rule for. If you are not, use the IP address for that computer. Selecting My IP Address adds the IP address of the computer you are logged on to to the filter list.

  12. Select the Specific IP Address option from the drop-down list, and then enter the IP address.

    [Alternatively] Select the A specific DNS Name option, and enter the DNS name.

    [Alternatively] Select the A specific IP subnet option, and enter the IP address and subnet.

    [Alternatively] (Windows Server 2003 only) Select one of the other options. These options will dynamically discover the IP address.

  13. Make sure the Mirrored check box is selected. This option automatically creates two filters: one for incoming traffic and another for outgoing traffic.

  14. On the Protocol tab, select the Any option.

    Note

    You can make the rule more secure by narrowing the allowed protocols if you know what they will be.

  15. [Optional] On the Description tab, enter a description for this filter.

  16. Click OK. If you see the Security Warning dialog box, click Yes. This dialog informs you that the DNS name is resolved to an IP address once and is not updated if the IP address changes.

  17. On the IP Filter List tab, select the new filter list.

  18. On the Filter Action tab, select the Require Security option.

  19. On the Authentication Methods tab, use the default, Kerberos (the Kerberos v5 protocol).

  20. On the Tunnel Settings tab, select the This rule does not specify an IPSec tunnel option. If you are using the policy through a firewall, you might need to use tunneling. For more information, see the "Using IPSec Through a Firewall" section in this guide.

  21. On the Connection Type tab, select the All network connections option.

  22. In the New IP Security Policy dialog box, select the new policy, and then click OK (or Close if that is the only option given).

  23. To add more rules to the policy, repeat steps 8-22. You can use a single policy on the Management Server for all connections that it has with various MOM computers by adding rules for these connections.

To un-assign (deactivate) IPSec policies

  1. In the IP Security Policies snap-in, select the policy in the results pane.

  2. Click Action, and then click Un-Assign. This deactivates the policy immediately.
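
The two procedures above can also be scripted. The following batch file is an added example, not part of the original guide: it uses the `netsh ipsec static` context available on Windows Server 2003 to build the same policy and shows the assign and un-assign commands. The policy, filter list, rule and filter action names, the peer address 192.0.2.10, the source/destination mapping of steps 11-12 and the filter action settings are assumptions.

```batch
@echo off
rem Added example (not from the original guide): scripted equivalent of the
rem wizard steps, using the netsh ipsec static context of Windows Server 2003.
rem All names and the peer address below are constructed placeholders.
setlocal
set POLICY=MOM Agent IPSec Policy
set FLIST=MOM Peer Filter List
set FACTION=MOM Require Security
set PEER=192.0.2.10

rem Steps 1-6: create the policy, default response rule off, not yet assigned.
netsh ipsec static add policy name="%POLICY%" description="Secures MOM traffic" activatedefaultrule=no assign=no

rem Steps 9-10: create the filter list that holds the filters.
netsh ipsec static add filterlist name="%FLIST%" description="Traffic to one MOM computer"

rem Steps 11-15: one mirrored filter, any protocol.
rem Assumption: My IP Address is the source and the specific IP the destination.
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=Me dstaddr=%PEER% protocol=ANY mirrored=yes description="This computer to MOM peer"

rem Step 18: a negotiate-only action standing in for Require Security.
rem Assumption: inpass=no and soft=no refuse any unsecured communication.
netsh ipsec static add filteraction name="%FACTION%" action=negotiate inpass=no soft=no qmsecmethods="ESP[3DES,SHA1]"

rem Steps 17-21: bind list and action in a rule; Kerberos, all connections,
rem no tunnel parameter, so the rule does not specify an IPSec tunnel.
netsh ipsec static add rule name="MOM Peer Rule" policy="%POLICY%" filterlist="%FLIST%" filteraction="%FACTION%" kerberos=yes conntype=all activate=yes

rem Review the result before assigning it.
netsh ipsec static show policy name="%POLICY%" level=verbose

rem Assign the policy, or un-assign it (takes effect immediately):
rem   netsh ipsec static set policy name="%POLICY%" assign=y
rem   netsh ipsec static set policy name="%POLICY%" assign=n
endlocal
```

For step 23, repeat the `add filterlist`, `add filter` and `add rule` commands with new names against the same policy to cover additional MOM computers.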