I. Create an IP filter and filter action
1. "Start" -> "Programs" -> "Administrative Tools" -> "Local Security Policy". Microsoft recommends using the local security policy for IPsec settings, because a local security policy applies only to the local computer, and IPsec is usually tailored to a particular computer.
2. Right-click "IP Security Policies on Local Machine" and select "Manage IP filter lists and filter actions" to open the dialog box of that name. An IP filter and its associated filter action must be created first; only then can the corresponding IPSec security policy be created.
3. On the Manage IP Filter Lists tab, click the "Add" button to create a new IP filter:
   1) In the IP Filter List dialog box, fill in an appropriate name (we use "TCP135" here); the description can be filled in as you like. Click the "Add..." button on the right to start the IP Filter Wizard.
   2) Skip the welcome page. Next.
   3) On the IP Traffic Source page, select "Any IP Address", because we want to block incoming access. Next.
   4) On the IP Traffic Destination page, select "My IP Address" as the destination address. Next.
   5) On the IP Protocol Type page, select "TCP". Next.
   6) On the IP Protocol Port page, select "To this port" and set it to "135"; leave the other settings unchanged. Next.
   7) Finish. Close the IP Filter List dialog box. The "TCP135" IP filter now appears in the IP filter lists.
4. Select the Manage Filter Actions tab to create a blocking filter action:
   1) Click the "Add" button to start the Filter Action Wizard, and skip the welcome page. Next.
   2) On the Filter Action Name page, fill in the name; here we use "reject". Next.
   3) On the Filter Action General Options page, set the behavior to "Block". Next.
   4) Finish.
5. Close the "Manage IP filter lists and filter actions" dialog box.
II. Create an IP security policy
1. Right-click "IP Security Policies on Local Machine" and select "Create IP Security Policy" to start the IP Security Policy Wizard. Skip the welcome page. Next.
2. On the IP Security Policy Name page, fill in an appropriate policy name (here we use "Deny to TCP135 Port"); the description can be filled in as you like. Next.
3. On the Requests for Secure Communication page, do not select "Activate the default response rule". Next.
4. On the completion page, select "Edit properties". Finish.
5. Configure the policy in the "Deny to TCP135 Port Properties" dialog box. First add a rule:
   1) Click the "Add..." button at the bottom to start the Security Rule Wizard. Skip the welcome page. Next.
   2) On the Tunnel Endpoint page, keep the default "This rule does not specify a tunnel". Next.
   3) On the Network Type page, keep the default "All network connections". Next.
   4) On the Authentication Method page, keep the default "Windows 2000 default (Kerberos V5 protocol)". Next.
   5) On the IP Filter List page, select the "TCP135" filter we just created. Next.
   6) On the Filter Action page, select the "reject" action we just created. Next.
   7) On the completion page, do not select "Edit properties"; confirm to finish the wizard.
6. Close the "Deny to TCP135 Port Properties" dialog box.
III. Assign and apply the IPSec security policy
1. A new IPSec security policy is not assigned, so first we have to assign the newly created policy. In the Local Security Policy MMC, right-click the "Deny to TCP135 Port" security policy and select "Assign".
2. Refresh the group policy immediately, using the "secedit /refreshpolicy machine_policy" command.
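
A scripted equivalent of sections I to III, as an added example that is not part of the original page. It assumes a system that provides the "netsh ipsec static" context (Windows Server 2003 and later; Windows 2000, which the wizard steps describe, does not have it), and the rule name "Block TCP135" is a hypothetical label chosen for this example.

```bat
@echo off
rem Added example: command-line equivalent of the wizard steps above.
rem Assumption: "netsh ipsec static" is available on this system.
rem Run from an administrative command prompt.

rem Section I, step 3: filter list "TCP135" matching any source address
rem to this computer's own address, TCP, from any port (0) to port 135.
netsh ipsec static add filterlist name="TCP135"
netsh ipsec static add filter filterlist="TCP135" srcaddr=any dstaddr=me protocol=TCP srcport=0 dstport=135

rem Section I, step 4: filter action "reject" whose behavior is Block.
netsh ipsec static add filteraction name="reject" action=block

rem Section II, steps 1-4: policy without the default response rule.
netsh ipsec static add policy name="Deny to TCP135 Port" activatedefaultrule=no

rem Section II, step 5: rule tying the filter list to the filter action,
rem all network connections, Kerberos authentication, no tunnel.
rem "Block TCP135" is a hypothetical rule name, not taken from the page.
netsh ipsec static add rule name="Block TCP135" policy="Deny to TCP135 Port" filterlist="TCP135" filteraction="reject" conntype=all kerberos=yes

rem Section III, step 1: assign the policy so that it takes effect.
netsh ipsec static set policy name="Deny to TCP135 Port" assign=yes

rem Check: list the policy with its rules, filters and assigned state.
netsh ipsec static show policy name="Deny to TCP135 Port" level=verbose
```

In the output of the last command, confirm that the policy is reported as assigned and that its rule references the "TCP135" filter list with the "reject" action.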