Dialog Box: Customize IPsec Tunnel Authorization

Published: January 20, 2009

Updated: January 20, 2009

Applies To: Windows 7, Windows Server 2008 R2

Use these settings to specify which users or computers are authorized to initiate a tunnel connection to the local computer. These settings only apply to inbound connections. Tunnel connections initiated by the local computer are not subject to these authorization settings.

Note
These settings only apply to tunnel mode rules that have the Apply authorization option enabled on the Customize IPsec Tunneling Settings dialog box.

  1. In the Windows Firewall with Advanced Security MMC snap-in, in Overview, click Windows Firewall Properties.

  2. Click the IPsec Settings tab.

  3. Under IPsec tunnel authorization, select Advanced, and then click Customize.

Use this tab to identify computers or computer groups that are authorized to create tunnel mode connections to the local computer.

Select this option to specify which computers can create a tunnel mode connection to the local computer.

If you select the check box, then Add is enabled. Click Add, and then specify the computer or group accounts in the Active Directory Object Picker dialog box.

To remove a computer or group from the list, select the computer or group, and then click Remove.

Use this section to identify computer or group accounts that are denied permissions to create tunnel mode connections to the local computer. If a computer attempting a connection is listed in both the Authorized computers and Exceptions boxes, either directly or as a member of a group, the exception takes priority and the connection is blocked.

Select this option to specify which computers are prohibited from creating a tunnel mode connection to this computer.

If you select the check box, then Add is enabled. Click Add, and then specify the computer or group accounts in the Active Directory Object Picker dialog box.

To remove a computer or group from the list, select the computer or group, and then click Remove.

Use this tab to identify users or user groups that are authorized to create tunnel mode connections to the local computer.

Select this option to specify which users can create a tunnel mode connection to this computer.

If you select the check box, then Add is enabled. Click Add, and then specify the user or group accounts in the Active Directory Object Picker dialog box.

To remove a user or group from the list, select the user or group, and then click Remove.

Use this section to identify user or group accounts that are denied permissions to create tunnel mode connections to the local computer. If a user attempting a connection is listed in both the Authorized users and Exceptions boxes, either directly or as a member of a group, the exception takes priority and the connection is blocked.

Select this option to specify which users are prohibited from creating a tunnel mode connection to this computer.

If you select the check box, then Add is enabled. Click Add, and then specify the user or group accounts in the Active Directory Object Picker dialog box.

To remove a user or group from the list, select the user or group, and then click Remove.
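The precedence rule described for the Exceptions lists (an exception wins over an authorization, whether the match is direct or through a group) can be checked against planned list contents before they are entered in the dialog box. The following Python sketch is an added example, not Microsoft code: the account names, group names and helper functions are constructed for illustration, and it assumes that nested group membership counts as membership and that an account absent from the authorized list is not authorized.

```python
# Added illustration: models the precedence rule described on this page.
# Account and group names below are constructed sample data.

def expand_groups(principal, member_of):
    """Return the principal plus every group it belongs to, following nesting."""
    seen, stack = set(), [principal]
    while stack:
        name = stack.pop()
        if name not in seen:
            seen.add(name)
            stack.extend(member_of.get(name, ()))
    return seen

def tunnel_decision(principal, authorized, exceptions, member_of):
    """Evaluate one inbound initiator against the two lists.

    An exception match, direct or through a group, always wins.
    """
    identities = expand_groups(principal, member_of)
    if identities & set(exceptions):
        return "blocked"
    if identities & set(authorized):
        return "authorized"
    return "not authorized"  # assumption: absent from the authorized list

def shadowed_accounts(accounts, authorized, exceptions, member_of):
    """Accounts that match the authorized list but are blocked by an exception."""
    result = []
    for account in accounts:
        ids = expand_groups(account, member_of)
        if ids & set(authorized) and ids & set(exceptions):
            result.append(account)
    return sorted(result)

# Constructed sample directory: account or group -> groups it directly belongs to.
MEMBER_OF = {
    "GW-BRANCH01$": ["Branch Gateways"],
    "GW-BRANCH02$": ["Branch Gateways", "Decommissioned Hosts"],
    "GW-LAB07$": ["Lab Gateways"],
    "Lab Gateways": ["Quarantine"],  # nested group
    "GW-HQ01$": [],
}
AUTHORIZED = ["Branch Gateways", "GW-LAB07$", "GW-HQ01$"]
EXCEPTIONS = ["Decommissioned Hosts", "Quarantine"]
HOSTS = sorted(name for name in MEMBER_OF if name.endswith("$"))

if __name__ == "__main__":
    for host in HOSTS:
        print(host, "->", tunnel_decision(host, AUTHORIZED, EXCEPTIONS, MEMBER_OF))
    print("shadowed:", shadowed_accounts(HOSTS, AUTHORIZED, EXCEPTIONS, MEMBER_OF))
```

Accounts reported as shadowed appear authorized when only the authorized list is read, so they are the entries worth reviewing when an expected tunnel connection is blocked.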
