To protect communications between two computers, use an IPSec negotiation policy. The following steps outline how to build a policy that encrypts communication between computer A with an IP address of 192.168.7.55 and computer B, which has an IP address of 192.168.7.155.
Add the IP Security Policy Management snap-in to an MMC console on computer A.
- Right-click the IP Security Policies on Local Computer container, as shown here, and select Create an IP Security Policy.
- Click Next on the Welcome page.
- Enter the name Encrypt1 for the policy and click Next.
- Uncheck Activate the Default Response Rule.
Click Next; then click Finish.
On the Encrypt1 Rules page, click Add, as shown here, to add a new rule:
On the New Rule Properties IP Filter List page, click Add to create the filter list.
Enter Encrypt to name the filter list.
Uncheck the Use Add Wizard box and click Add to add a filter.
In the Source address drop-down list box, select A Specific IP Address.
Enter the IP address of computer B, 192.168.7.155.
In the Destination address drop-down list box, select My IP address, as shown here:
Click OK to close the IP Filter Properties list page and click OK to close the IP Filter List page.
In the IP Filter List tab, select the Encrypt entry (the list you just created), as shown in the following illustration, and then click the Filter Action tab.
Click to deselect the Use Add Wizard button and click Add to add a filter action.
On the New Filter Action Properties page, select Negotiate Security.
Click Add to add a security method. The default selection, Integrity and Encryption, is acceptable. By default, 3DES and SHA1 are selected. Click OK.
Click Accept Unsecured Communication, But Always Respond Using IPSec, as shown here:
Select the General page and enter Negotiate for the Filter Action name; then click OK.
Select Negotiate on the Filter Action page.
Select the Authentication Methods page and click Add.
Select Use This String (Preshared Key). Enter a long, complex key and then click OK.
Select Kerberos in the Authentication Method Preference Order box and click Remove. Click OK to respond to the pop-up. Note in the following illustration that the shared key is partially visible in the interface.
Click Close twice to exit the policy.
Export the policy and import it on computer B, or re-create the policy on computer B and in both cases change the Source address to that of computer A.
On computer A, in the IPSec console, right-click the policy, and select Assign to assign the policy. Until you assign the policy, it is not in effect.
Repeat on computer B. (Don’t forget to change the IP address you entered in step 11.)
