Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
When traffic matches a source, destination, and type of IP traffic in a filter, security negotiations are initiated. This type of IP packet filtering enables a network administrator to precisely define what IP traffic is secured. Each IP filter list contains one or multiple filters, which define IP addresses and traffic types. One IP filter list can be used for multiple communication scenarios.
IPSec requires both an inbound and outbound filter between the computers specified in the filter list. Inbound filters apply to incoming traffic. Outbound filters apply to traffic leaving a computer towards a destination. For example, if Computer A wants to securely exchange data with Computer B:
The active IPSec policy on Computer A must have a filter for any outbound packets to Computer B. Source=A and Destination=B.
The active IPSec policy on Computer A must have a filter for any inbound packets from Computer B. Source=B and Destination=A.
Each peer must also have the reverse filter:
The active IPSec policy on Computer B must have a filter for any inbound packets from Computer A. Source=A and Destination=B.
The active IPSec policy on Computer B must have a filter for any outbound packets to Computer A. Source=B and Destination=A.
Each filter defines a particular subset of inbound or outbound network traffic that should be secured. You must have a filter to cover any traffic to which the associated rule applies. A filter contains the following settings:
The source and destination address of the IP packet. You can specify any IP address assigned to the IPSec peer, a single IP address, IP addresses by DNS name, or groups of addresses to specify IP subnets.
The protocol over which the packet is being transferred. By default, all protocols in the TCP/IP protocol suite are selected. However, you can specify an individual protocol for this filter to meet special requirements, including custom protocols.
The source and destination port for TCP and UDP. By default, all TCP and UDP ports are selected, but you can select a specific TCP or UDP port.
For information about how to configure IP filter lists, see Add, edit, or remove IP filter lists.
Special filters might be required for certain types of traffic, such as SNMP traffic or security gateways. For more information, see Special IPSec considerations.