For more detail, see Microsoft's technical library:
Netsh Commands for Internet Protocol Security (IPsec)
Link: http://technet.microsoft.com/zh-cn/cc725926
Note: look for the "Netsh Commands for Windows Firewall with Advanced Security" link on that page; it will help you even more.
Export the IPsec security policy: Netsh ipsec static exportpolicy file=d:/ExportSecurity.ipsec
Import the IPsec security policy: Netsh ipsec static importpolicy file=d:/ImportSecurity.ipsec
1. Create a new policy
1.1 First create an empty security policy [Michael's安全策略]
Netsh ipsec static add policy name=Michael's安全策略
1.2 Create a filter action named "阻止" (block)
Netsh ipsec static add filteraction name=阻止 action=block
1.3 Create a filter list named "可访问的终端列表" (list of terminals allowed access)
Netsh ipsec static add filterlist name=可访问的终端列表
Netsh ipsec static add filter filterlist=可访问的终端列表 srcaddr=203.86.32.248 dstaddr=me dstport=3389 description=部门1访问 protocol=TCP mirrored=yes
Netsh ipsec static add filter filterlist=可访问的终端列表 srcaddr=203.86.31.0 srcmask=255.255.255.0 dstaddr=60.190.145.9 dstport=0 description=部门2访问 protocol=any mirrored=yes
1.4 Create the policy rule
Netsh ipsec static add rule name=可访问的终端策略规则 policy=Michael's安全策略 filterlist=可访问的终端列表 filteraction=阻止
2. Modify the policy
netsh ipsec static set filter filterlist=可访问的终端列表 srcaddr=220.207.31.249 dstaddr=Me dstport=3389 protocol=TCP
3. Delete the policy
netsh ipsec static delete rule name=可访问的终端策略规则 policy=Michael's安全策略
netsh ipsec static delete filterlist name=可访问的终端列表
4. The most important step of all is to activate the policy:
netsh ipsec static set policy name=Michael's安全策略 assign=y
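As an added example (not part of the original page and not the author's own example), the PowerShell script below runs steps 1 and 4 as one guarded sequence: it exports the current policy store first, stops at the first netsh command that fails, shows the finished policy before assigning it, and removes the partly built objects on failure. The helper name Invoke-IpsecStatic is hypothetical, and the script assumes netsh reports failure through a non-zero exit code.

```powershell
# Added example. Names and addresses are copied from the steps above.
$policy     = "Michael's安全策略"
$filterList = '可访问的终端列表'
$action     = '阻止'
$rule       = '可访问的终端策略规则'
$backup     = 'd:/ExportSecurity.ipsec'

function Invoke-IpsecStatic {   # hypothetical helper, not a built-in cmdlet
    param([Parameter(Mandatory)][string[]]$Arguments)
    # Each tag=value pair is passed to netsh as a separate argument.
    & netsh ipsec static @Arguments
    # Assumption: netsh signals failure with a non-zero exit code.
    if ($LASTEXITCODE -ne 0) {
        throw "netsh ipsec static $($Arguments -join ' ') failed with exit code $LASTEXITCODE"
    }
}

# Save the current policy store before changing anything.
Invoke-IpsecStatic 'exportpolicy', "file=$backup"

try {
    # Step 1.1 to 1.4: policy, filter action, filter list, filter, rule.
    Invoke-IpsecStatic 'add', 'policy', "name=$policy"
    Invoke-IpsecStatic 'add', 'filteraction', "name=$action", 'action=block'
    Invoke-IpsecStatic 'add', 'filterlist', "name=$filterList"
    $filter = "filterlist=$filterList", 'srcaddr=203.86.32.248', 'dstaddr=me',
              'dstport=3389', 'description=部门1访问', 'protocol=TCP', 'mirrored=yes'
    Invoke-IpsecStatic (@('add', 'filter') + $filter)
    Invoke-IpsecStatic 'add', 'rule', "name=$rule", "policy=$policy",
                       "filterlist=$filterList", "filteraction=$action"

    # Print the complete policy for review, then activate it (step 4).
    Invoke-IpsecStatic 'show', 'policy', "name=$policy", 'level=verbose'
    Invoke-IpsecStatic 'set', 'policy', "name=$policy", 'assign=y'
}
catch {
    Write-Warning "Build failed, removing the partial policy: $_"
    # Deleting the policy also removes its rules; then drop the list and action.
    & netsh ipsec static delete policy "name=$policy"
    & netsh ipsec static delete filterlist "name=$filterList"
    & netsh ipsec static delete filteraction "name=$action"
    throw
}
```

Run it from an elevated PowerShell prompt, since netsh ipsec changes the local policy store.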
Below is an example I wrote myself: