TreeWalk DNS

Windows 2000 IPSec

Where can I get this "policy" package? You can download IpSecFilter.zip (including a basic readme.txt file) from this site. Need more info? We'll provide graphics and outline the simple steps to install IPSec on your Windows 2000 computer next. (NOTE: not all windows will be shown, so in some cases you may need to press the appropriate "OK", "Apply" or "Close" button to proceed to the next step.)

The start page for this topic is IPSec Policies. You can also view these Windows 2000 IPSec Instructions in PDF (.pdf) format. Remember: If you already use IPSec and you want to try the download offered from this site, you should export your current policy filters to a safe place first.

Download compressed files in .zip format:
Windows 2000 IPSec PDF Instructions.
Windows 2000 IPSec Text Instructions.

To begin, you'll need to download and extract the IpSecFilter.zip from our site to your desktop (or any other suitable location) and rename the files if you wish. After that, just follow the steps below.

Start a new Microsoft Management Console

We begin by pressing the "Start" button and selecting "Run...". Type "mmc" into the "Open:" text box and press the "OK" button to start a new Microsoft Management Console.



New Microsoft Management Console

Our window in this example is titled "Console1". In the new Console window, press "Console" and select "Add/Remove Snap-in...".



Add/Remove Snap-in

Ensure "Console Root" is displayed from the "Snap-ins added to:" selection list and press the "Add" button.



Add Standalone Snap-in

Scroll the "Add Standalone Snap-in" window to select "IP Security Policy Management" and press "Add".



Select Computer or Domain

At "Select Computer", select the "Local computer" option and click "Finish".



Import Policies

This brings us back to "Console1". In the left pane, click "IP Security Policies on Local Machine", then right-click it, select "All Tasks" and select "Import Policies".



Open the IPSec Policy File

Navigate to where you saved the files you previously downloaded from our site (our example was renamed to "050613STEALTH.ipsec"). Select the file in the window and press "Open".



Console Root/IP Security Policies on Local Machine

In the right pane (under "Console Root/IP Security Policies on Local Machine") you'll find the IPSec packet filter we're focusing on. This is also where you can right-click any of the filters listed to remove them, but you don't need to. You might want to leave them in place and "Unassigned", for future reference. For the sake of simplicity here, we're going to remove all but the IPSec packet filter named "IPSecFilter" to demonstrate how to use this on a personal computer.



Confirm the deletion of certain filters

Each time you delete filters you'll be asked "Are you sure", so click "Yes" if that's what you want to do.



Assign a policy

To activate a particular filter, right-click it and choose "Assign".



Saving the current Console

Now the IPSec Policy, including our filters and their rules, can be saved.



Saving the Console in the "Administrative Tools" folder

Next, we'll save the new Console to the "Administrative Tools" folder on the computer. We saved ours as "My_IPSec.msc". At this point you could navigate to the "Administrative Tools" folder on your computer and make a desktop shortcut from there, or you could simply type "mmc" into a Run box again, as we did to get to the next step.



Locating the new snap-in

At the resulting Console window, select "Console" on the tool bar and click "Open".



Open the new "My_IPSec.msc" snap-in

Now we'll take a look at our policy. At the "Open" screen, select your new snap-in (ours is "My_IPSec.msc"), and click the "Open" button.



Console Root/IP Security Policies on Local Machine

In the right pane (under "Console Root/IP Security Policies on Local Machine") you'll find the IPSec packet filter we're focusing on. Right-click on it to select "Properties".



Properties of our "IPSecFilter"

For our policy, you don't want to change any rules in the filter list except for the "Allowed ports/protocols" filter. Select it and choose "Edit".



Edit Rule Properties

This brings us to the "Edit Rule Properties" window where you'll need to select "Allowed ports/protocols" again and choose "Edit" again.



IP Filter List

The "IP Filter List" window is where you can Add, Edit or Delete specific rules. We've selected "SQLServer client" in our example and chosen "Edit" again. You can remove certain rules here if you don't use or need them, but they're included to give you a pre-defined rule-set that should work in most (if not all) cases. (Note that adding filters with the Wizard can be a pain, so you might want to uncheck "Use Add Wizard" if you want to add a new filter and rules.) The six rules in this filter that are outlined with a red box are rules that have been added. We look closer at adding rules to an IPSec Filter on another page of our site entitled "How To Create IPSec Rules".



Properties of our "IPSecFilter"

"Filter Properties" presents you with the Addressing, Protocol and Description tabs. It's important to note that for these filters the "Addressing" sheet should display a checkmark for "Mirrored". "Source Address" should be set to "My IP Address" and the "Destination Address" should be "Any IP Address". The Protocol tab is where to set the ports and protocols you need to use for any rule and the Description tab is used to identify the filter. If you create a new filter and you find it doesn't work, you should consult your logs to look for any changes you might need to make. You can also review some of the other rules for more indications of how to properly set a filter.
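What the "Mirrored" checkmark does for a filter such as "SQLServer client", modelled in Python as an added example (not code from this site or from Windows). The addresses, TCP port 1433 for the SQL Server rule, and the block-by-default decision are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

ANY = None                # "Any IP Address" / any port
MY_IP = "192.0.2.10"      # constructed stand-in for "My IP Address"
SERVER = "198.51.100.5"   # constructed remote host

@dataclass(frozen=True)
class Filter:
    src: object
    dst: object
    proto: str
    src_port: object
    dst_port: object
    mirrored: bool = True

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    src_port: int
    dst_port: int

def match_one(f, p):
    """True if packet p matches filter f exactly as written (one direction)."""
    ok = lambda want, got: want is ANY or want == got
    return (f.proto == p.proto and ok(f.src, p.src) and ok(f.dst, p.dst)
            and ok(f.src_port, p.src_port) and ok(f.dst_port, p.dst_port))

def matches(f, p):
    """A mirrored filter also matches with addresses and ports swapped."""
    if match_one(f, p):
        return True
    swapped = Filter(f.dst, f.src, f.proto, f.dst_port, f.src_port, False)
    return f.mirrored and match_one(swapped, p)

def decide(allow_list, p):
    """Assumed policy: permit what the allow list matches, block the rest."""
    return "permit" if any(matches(f, p) for f in allow_list) else "block"

# Constructed rule in the style of "SQLServer client": TCP to port 1433 (assumed).
SQL_CLIENT = Filter(MY_IP, ANY, "tcp", ANY, 1433)
UNMIRRORED = replace(SQL_CLIENT, mirrored=False)
REQUEST = Packet(MY_IP, SERVER, "tcp", 49152, 1433)
REPLY = Packet(SERVER, MY_IP, "tcp", 1433, 49152)
STRAY = Packet(SERVER, MY_IP, "tcp", 4444, 445)

if __name__ == "__main__":
    for name, pkt in [("request", REQUEST), ("reply", REPLY), ("stray", STRAY)]:
        print(name, decide([SQL_CLIENT], pkt), decide([UNMIRRORED], pkt))
```

Without "Mirrored", the outbound request is permitted but the server's reply is blocked, which is the usual reason a newly added filter "doesn't work".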

If you do make any changes, you'll be prompted at the end to save them. Select "Yes"!

That's all there is to it! Happy surfing!
