Jump to content


Block Web surfing with IPsec in winXP


  • Please log in to reply
4 replies to this topic

#1 torik_ad

torik_ad

    Best Poster in March 2010

  • Members
  • Pip
  • 21 posts
  • Gender:Male
  • Location:Saudi Arabia, AL-Khobar

Posted 09 March 2010 - 07:31 PM

Block Internet surfing
And keep your OUTLOOK EXPRESS ONLINE…
To configure a single computer follow these steps:
Configuring IP Filter Lists and Filter actions
1. Open an MMC window (Start > Run > MMC).
2. Add the IP Security and Policy Management Snap-In.
Attached File  1.JPG   17.84KB   176 downloads
Attached File  2.JPG   32.22KB   144 downloads

3. In the Select which computer this policy will manage window select the local computer (or any other policy depending upon your needs). Click Close then click Ok.
Attached File  3.JPG   28.67KB   131 downloads
4. Right-click IP Security Policies in the left pane of the MMC console. Select Manage IP Filter Lists and Filter Actions.
Attached File  4.JPG   23.52KB   116 downloads


5. In the Manage IP Filter Lists and Filter actions click Add.
Attached File  5.JPG   28.3KB   114 downloads


6. In the IP Filter List window type a descriptive name (such as HTTP, HTTPS) and click Add to add the new filters.
Attached File  6u.JPG   29.76KB   104 downloads

7. In the Welcome window click Next.
8. In the description box type a description if you want and click Next.
Attached File  6.JPG   27.83KB   99 downloads
9. In the IP Traffic Source window leave My IP Address selected and click Next.
Attached File  7.JPG   28.81KB   100 downloads

10. In the IP Traffic Destination window leave Any IP Address selected and click Next.
Attached File  8.JPG   27.01KB   93 downloads
11. In the IP Protocol Type scroll to TCP and press Next.
Attached File  9.JPG   29.96KB   86 downloads


12. In the IP Protocol Port type 80 (for HTTP) in the To This Post box, and click Next.
Attached File  10.JPG   26.01KB   91 downloads
13. In the IP Filter List window notice how a new IP Filter has been added. Now, if you want, add HTTPS (Any IP to Any IP, Protocol TCP, Destination Port 443) in the same manner.
Attached File  11.JPG   30.85KB   91 downloads


14. Now that you have both filters set up, click Ok.
Attached File  12.JPG   29.8KB   83 downloads
Note: A quick reminder - You can also Block Web Browsing but Allow Intranet Traffic with IPSec.
15. Back in the Manage IP Filter Lists and Filter actions review your filters and if all are set, click on the Manage Filter Actions tab. Now we need to add a filter action that will block our designated traffic, so click Add.
Attached File  13.JPG   28.47KB   73 downloads

16. In the Welcome screen click Next.
17. In the Filter Action Name type Block and click Next.
Attached File  14.JPG   25.17KB   78 downloads
18. In the Filter Action General Options click Block then click on Next.
Attached File  15.JPG   25.1KB   72 downloads


19. Back in the Manage IP Filter Lists and Filter actions review your filters and if all are set, click on the Close button. You can add Filters and Filter Actions at any time.
Attached File  16.JPG   25.95KB   68 downloads
Next step is to configure the IPSec Policy and to assign it.
Configuring the IPSec Policy
1. In the same MMC console right-click IP Security Policies on Local Computer and select Create IP Security Policy.
Attached File  17.JPG   23.49KB   70 downloads


2. In the Welcome screen click Next
3. In the IP Security Policy Name enter a descriptive name, such as "Block HTTP, HTTPS". Click Next
Attached File  18.JPG   20.79KB   64 downloads
4. In the Request for Secure Communication window click to clear the Active the Default Response Rule check-box. Click Next

Attached File  19.JPG   23.65KB   70 downloads

5. In the Completing IP Security Policy Wizard window, click Finish.
Attached File  20.JPG   23.73KB   82 downloads
6. We now need to add the various IP Filters and Filter Actions to the new IPSec Policy. In the new IPSec Policy window click Add to begin adding the IP Filters and Filter Actions.
Attached File  21.JPG   25.55KB   84 downloads


7. In the Welcome window click Next.
8. In the Tunnel Endpoint make sure the default setting is selected and click Next.
Attached File  22.JPG   28.05KB   84 downloads
9. In the Network Type windows select All Network Connections and click Next.

Attached File  23.JPG   24.92KB   79 downloads

10. In the IP Filter List window select one of the previously configured IP Filters, for example "HTTP, HTTPS" (configured in step #6 at the beginning of this article). If, for some reason, you did not previously configure the right IP Filter, then you can press Add and begin adding it now. When done, click Next.
Attached File  24.JPG   27.35KB   79 downloads
11. In the Filter Action window select one of the previously configured Filter Actions, for example "Block" (configured in step #15 at the beginning of this article). Again, if you did not previously configure the right Filter Action, you can now press Add and begin adding it now. When done, click Next.
Attached File  25.JPG   28.73KB   82 downloads

12. Notice how the IP Filter has been added.
Attached File  26.JPG   23.13KB   84 downloads
Again, you can add any combination of IP Filters and Filter Actions you like.
Notice that you cannot change their order like in other full-featured firewalls. Even so, this configuration works perfectly as you will soon discover.
The next phase is to assign the IPSec Policy.
Assigning the IPSec Policy
1. In the same MMC console, right-click the new IPSec Policy and select Assign.
Attached File  27.JPG   17.67KB   90 downloads
Done, you can now test the configuration by trying to surf to restricted and unrestricted websites.
********ENJOY********

Attached Files

  • Attached File  11.JPG   30.85KB   83 downloads

Edited by torik_ad, 09 March 2010 - 07:38 PM.

  • 4

#2 whoiam55

whoiam55

    .

  • Veterans
  • PipPipPipPipPip
  • 3422 posts
  • Gender:Male
  • Location:Faridabad,Haryana(India)
  • Interests:Chess, Gardening, delta9-THC and Computers of-course.

Posted 10 March 2010 - 02:01 AM

excellent efforts, keep it up. voted to post of the month ;)
  • 1

#3 Darby Weaver

Darby Weaver

    World's Largest Home Data Center

  • Global Moderators
  • PipPipPipPipPip
  • 8294 posts
  • Gender:Male
  • Location:USA
  • Interests:Taking on new CCNA/CCNP/CCIE/CCDA/CCDP/CCDE study group members. Interested?

Posted 13 March 2010 - 07:33 AM

Nice job!
  • 0

#4 arun_cdm

arun_cdm

    Member

  • Members
  • PipPip
  • 92 posts
  • Gender:Male
  • Location:India
  • Interests:i'm interested in networking.

Posted 23 March 2010 - 09:20 PM

Nice Effort.........................
  • 0

#5 torik_ad

torik_ad

    Best Poster in March 2010

  • Members
  • Pip
  • 21 posts
  • Gender:Male
  • Location:Saudi Arabia, AL-Khobar

Posted 28 March 2010 - 06:06 AM

Thank you man..



Nice job!


  • 0





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users