IP Security Policies


  • IP Security Policies

    Hi all,
    I need to configure a Windows XP machine to accept any kind of networking actions only from a single unique IP address.
    Can this task be accomplished using the XP's IP Security Policies?
    I tried to create a security policy that has 2 rules:
    1. Block all traffic
    2. Allow all traffic from a unique IP

    But it seems that the 1st rule overrides the 2nd.

    Is there another FREE way to do it?

    Thanks in advance.

  • #2
    Well, if you create a Block All rule and add other rules that let traffic in it should work. I've done it myself many times. Check your rules and see if they are set up correctly.
    Cheers,

    Daniel Petri
    Microsoft Most Valuable Professional - Active Directory Directory Services
    MCSA/E, MCTS, MCITP, MCT



    • #3
      I can't get it to work.
      Here's what I've done:
      1. Create a new IP Security Policy, called it "Allow_only_1"
      2. Unchecked the "Activate the default response rule" checkbox
      3. Edit the properties
      4. Add a new Filter to the Filter List, called it "Block_all"
      5. Configured it as follows:
      source IP address: "Any IP address"
      destination address: "My IP address"
      Protocol type: "Any protocol type"
      checked the "mirrored" checkbox
      in the "filter action" selected "block"
      6. Add a new Filter Called "allow_this_pc"
      configured it as follows:
      source IP address: "10.0.1.103"
      destination address: "My IP address"
      Protocol type: "Any protocol type"
      checked the "mirrored" checkbox
      in the "filter action" selected "allow"
      7. in the Policy Properties I checked both rules

      When I assign this policy and try to ping my PC from 10.0.1.103, I don't get a reply.

      I have no idea what I did wrong.
      Any idea?

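A simplified model of the two filters from post #3, added here as an example and not posted by anyone in the thread: the Windows IPsec driver ranks matching filters from most specific to least specific rather than by their position in the policy, so on this model the "Block_all" filter does not override "allow_this_pc". The address 10.0.1.50 for the XP machine and the prefix-length scoring are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

MY_IP = "10.0.1.50"   # constructed stand-in for "My IP address" (assumption)
ANY = "0.0.0.0/0"     # "Any IP address"

@dataclass(frozen=True)
class Filter:
    name: str
    src: str              # CIDR form of the filter's source address
    dst: str              # CIDR form of the filter's destination address
    action: str           # "block" or "allow", as named in the post
    protocol: str = "any"
    mirrored: bool = True

    def _one_way(self, src, dst, proto, f_src, f_dst):
        return (ip_address(src) in ip_network(f_src)
                and ip_address(dst) in ip_network(f_dst)
                and self.protocol in ("any", proto))

    def matches(self, src, dst, proto):
        if self._one_way(src, dst, proto, self.src, self.dst):
            return True
        # A mirrored filter also matches the reverse direction (the reply).
        return self.mirrored and self._one_way(src, dst, proto, self.dst, self.src)

    def specificity(self):
        # Simplified score: longer prefixes and a named protocol rank higher.
        return (ip_network(self.src).prefixlen + ip_network(self.dst).prefixlen
                + (0 if self.protocol == "any" else 1))

def decide(filters, src, dst, proto):
    """Return (action, filter name) of the most specific matching filter."""
    hits = [f for f in filters if f.matches(src, dst, proto)]
    if not hits:
        return ("unfiltered", None)   # the policy does not apply to this packet
    best = max(hits, key=Filter.specificity)
    return (best.action, best.name)

# The two filters exactly as described in post #3.
POLICY = [
    Filter("Block_all", ANY, f"{MY_IP}/32", "block"),
    Filter("allow_this_pc", "10.0.1.103/32", f"{MY_IP}/32", "allow"),
]

if __name__ == "__main__":
    print(decide(POLICY, "10.0.1.103", MY_IP, "icmp"))   # ping request
    print(decide(POLICY, MY_IP, "10.0.1.103", "icmp"))   # ping reply
    print(decide(POLICY, "10.0.1.104", MY_IP, "tcp"))    # any other host
```

Reversing the order of the filters in `POLICY` gives the same decisions, which is the point: list order is not what selects the filter.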


      • #4
        Ok, don't add the ALLOW rule, instead create a rule that will allow you to use a specific port, such as TCP 80 and UDP 53. Now try to surf the Internet and see if it works.
        Cheers,

        Daniel Petri
        Microsoft Most Valuable Professional - Active Directory Directory Services
        MCSA/E, MCTS, MCITP, MCT



        • #5
          I added these rules but I can't surf the web.



          • #6
            Well, since I'm not there to see with my own eyes what exactly it is that you're doing - I cannot help you here. I do know that it works great for my computers, and I've done it a zillion times so far.

            Maybe you should erase the policy and begin by creating test ones just with the rules you need.
            Cheers,

            Daniel Petri
            Microsoft Most Valuable Professional - Active Directory Directory Services
            MCSA/E, MCTS, MCITP, MCT



            • #7
              I've done just that.
              I will make screenshots of what I did.
              Can I post them here somehow?



              • #8
                Here is a capture clip of what I did:

                ftp://petri[email protected]

                Encoded with Divx 5.11



                • #9
                  Any ideas yet?
