Professional Documents
Culture Documents
Windows XP and Vista IPSec VPN Policy
Windows XP and Vista IPSec VPN Policy
page 1
page 2
page 3
Here youll deselect Activate the default response rule and click Next
Now its time to define the IP filter lists (well be creating two of them. Theyll be exactly the same except from the terminating IP addresses) by choosing Add to get the New Rule Properties window.
Johan Engdahl 2007 page 4
In this example the first filter list will be called XP_to_Checkpoint_FW (the opposite will be called Checkpoint_FW_to_XP). Click Add to enter Filter Properties. Make sure to enter correct IP information depending on source respective destination addresses.
page 5
Click OK until the window New Rule Properties is shown again and create a new Filter List for the opposite direction.
page 7
page 8
Highlight Kerberos and click Edit and define Use this string (preshared key) and enter appropriate string to use (remember that this string much match between the terminating endpoints).
page 9
page 10
page 11
page 12
page 13
page 14
Conclusion
All I can say is that Im extremely pleased with the functionality. Although the screenshots above are taken from Windows XP, I can assure you that this works just as fine with Windows Vista. The IP-Stack in Windows XP and improved IP-Stack in Windows Vista makes it smooth to have several policies on the workstation where the different vendor VPN clients used to interfere with each other or making it completely impossible to combine certain clients at all.
page 15