Hello,
I'm attempting to add a range of IPs to a filterlist of an IPSEC
policy that's attached to a GPO.
The only way that I know of to add IP ranges to a filterlist is via
NETSH, syntax as follows:
netsh ipsec static add filter filterlist="IP Blocklist Filter" dstaddr=ME srcaddr=[ipaddr of start ip addr range]-[ip addr of end ip addr range]
The entire procedure would be:
1) create IPSEC policy in GPO
2) create ip filter list
3) create filter action
4) add entry to filter list
5) add filter rule to IPSEC policy
With the syntax of:
1) ?
2) netsh ipsec static add filterlist name="IP Blocklist Filter" desc="IP blocklist filter"
3) netsh ipsec static add filteraction name="Block Filter Action" action=block
4) netsh ipsec static add filter filterlist="IP Blocklist Filter" dstaddr=ME srcaddr=x.x.x.x-x.x.x.x
5) netsh ipsec static add rule name="IP Blocklist Rule" policy="IP Security Policy" filterlist="IP Blocklist Filter" filteraction="Block Filter Action"
My question... is there a NETSH context that allows you to access the
GPO? Or is there a GPO shell that allows access to NETSH (or allows
adding a filter that contains a range of IP addresses) that will allow
within itself?
Or is there another option that I have to use instead?
Thanks,
Matt
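
Added example, not part of the original post: a PowerShell sketch that builds the netsh lines for steps 2 to 5 above from a list of ranges, rejecting malformed or reversed ranges before they reach the filter list. The ranges are constructed sample values and the helper name ConvertTo-IPv4Number is hypothetical; the script only prints the commands and does not cover step 1 or which policy store netsh writes to.

```powershell
# Constructed sample ranges (documentation address space), one "start-end" per entry.
$Ranges = @(
    '192.0.2.10-192.0.2.50',
    '198.51.100.0-198.51.100.255',
    '203.0.113.200-203.0.113.20'   # constructed bad entry: start is above end
)

# Hypothetical helper: dotted-quad IPv4 string -> number, or $null if not valid.
function ConvertTo-IPv4Number {
    param([string]$Address)
    if ($Address -notmatch '^\d{1,3}(\.\d{1,3}){3}$') { return $null }
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $null }
    $b = $ip.GetAddressBytes()
    return ([long]$b[0] * 16777216) + ([long]$b[1] * 65536) + ([long]$b[2] * 256) + [long]$b[3]
}

# Steps 2 and 3: filter list and block action, with the names used in the post.
$commands = @(
    'netsh ipsec static add filterlist name="IP Blocklist Filter" desc="IP blocklist filter"',
    'netsh ipsec static add filteraction name="Block Filter Action" action=block'
)

# Step 4: one filter per validated range.
foreach ($range in $Ranges) {
    $parts = $range -split '-'
    if ($parts.Count -ne 2) { Write-Warning "Skipped (not start-end): $range"; continue }
    $first = $parts[0].Trim()
    $last  = $parts[1].Trim()
    $start = ConvertTo-IPv4Number $first
    $end   = ConvertTo-IPv4Number $last
    if ($null -eq $start -or $null -eq $end -or $start -gt $end) {
        Write-Warning "Skipped (invalid or reversed range): $range"; continue
    }
    $commands += 'netsh ipsec static add filter filterlist="IP Blocklist Filter" dstaddr=ME srcaddr={0}-{1}' -f $first, $last
}

# Step 5: attach the list and action to the policy named in the post (it must already exist).
$commands += 'netsh ipsec static add rule name="IP Blocklist Rule" policy="IP Security Policy" filterlist="IP Blocklist Filter" filteraction="Block Filter Action"'

# Print the command lines for review; nothing is executed here.
$commands
```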