IPSec ?? ????? ???? ??? ????? ??????? ????????? ?? ????? ?? ??????? ???? ?? ??? ???? ????

???? ?????? ???? ??????
???? ID: 813878 - ?? ???????? ?? ?????? ??? ?? ?? ???? ???? ???? ??.

?? ????? ??

??????

??????? ????????? ??????? (IPSec) ???? ??????? ?? Windows 2000-??????, Windows XP-??????, ?? Windows Server 2003-?????? ???????? ?? ????? ?? ?????? ???? ????? ?? ???????-?????? ???????? ?? ???????? ???? ?? ??? ????? ???? ?? ???? ??? ?? ???? ????? ?? ?? ??? ????? ????????? ?? ????? ??????? ?? ???????? ??????? ???????? ?? ??? ????? ?????? ?????? ???? ?? ??? ???? ????? ????? ????? ???? ?? ??? ??? ??? ?? ???? ?? IPSec ??????? Windows 2000-??????, Windows XP-?????? ?? Windows Server 2003-?????? ???????? ?? ??????? ??? ????? ??? ?? ???, ????? ?? IPSec ?? ?? ?? ???? ?? ????? ???? ?? ??? ???, ?? unassign ?? ?? IPSec ????? ?? ??? ??? ?????

???? ???????

IPSec ??????? ??????? ??? ?? ???? ???? ?? ???? ?? ?? ?? ????? ?? ???? ???? ?? ?? ??? ?? ??? ???, ?? ????? ?? ?? ????? ?? ??? ???? ???? ?? ???? ??? IPSec ??????? ??????? ?? ???? ????????(???????? ???? ?? ??? ???????) ??????????(????????)? IPSec ?? ????? ??????? ??????? ????????? ?? ???? ?? ?? ???????? ?????? ?? ???????? ???? ?? ??? ?? ??? ???? ??? ???????? IPSec ??????? ?????? ??? ?? ????????? ??? ???? ???? ??? ?? ??? ???????? ?????? ?? IPSec ???? ????? ???? ?? ???????? ???? ????? ??? ???? ????

???????????? ???? ??? Ipsecpol.exe ?? ????? ?? ????????? ?? ?????? ?? ???? ??? ??????? ??? ????????? ?? ?????? ???? ?? ???? ????????? ???? ?? ?? ??? ??? ??? ?????? ??? ?? ?? ??? ???????????? ???? ????? ????????? ?? ??? ?? ????, ???????????? ????, ?? ??????? ???? ?? ???? ??? ????? ?? ???, ????? ???? ?????? ?? ????? ?? ???? ?? Microsoft ???????? ??? ?????::
256986 Microsoft Windows ????????? ?? ?????
???:IPSec ?????? ???? ???? ???? ?? ??? ?? ???????????? ?? ???????? ???? ?? ??? ?????? ????, ??????? ?????? ?? ???????? ?? ????? ?? ??? ??????? ??????????? ?? ???? ???? ????? ???? ?? ?? ?? ???? ??????? ??? ???? ??? ??????? ????? ?? ????? ?? ??? ???? ?? ???????? ?? ??? ?????? ??? ???? ???? ?? defensive ????? ?? ??? ??? IPSec ?????? ?????? ?? ????? ????? ??? ?? ???? ??? ???????? ????? ?? ????? ?? ????? IPSec ???? ??? ??????? ?????? ?? ???? ??????? ????????? ?? ??, ?? ????? ????? ???? ?? ???? ?? ????? ?? ??? ???? ???? ?? ???? ??? ????????? ?? ??? ?? ???? ??? ??? ??? "Unassign ?? ????? an IPSec ????" ?????? ??????

????????? ???? ?? ???? ??? IPSec ???? ?? ????? ???? ??? ??

Windows Server 2003-based computers

???? ???? ?? ?? ????? ?? Windows Server 2003-?????? ???????? ?? ??? ??? ??? IPSec ??????? ????? ????, ???? ???? ?? IPSec ??????? ??? ?? ??? ???? ???? ???? ???????? (GPO) ?? ?????? ?? ?? ??????? ????????? ?? ??? ?????? ??? ???? ?? ???, ????? ????? ?? ???? ????::
  1. Windows Server 2003 CD ?? Netdiag.exe Suptools.msi ?? Support\Tools ??????? ?? ??? ?? ??????? ?????
  2. ?? ????? ????????? ?????, ?? ???? ??? C:\Program Files\Support ????? ?? ??? ????? ?????? ?? ??? ?????
  3. ???????? ???? ?? ???? ?? ??? ?????? IPSec ???? ???????? ?? ???? ?? ?? ????? ???? ?? ??? ????? ???? ?????:
    Netdiag /test:ipsec
    ??? ??? ???? ?? ????? ???? ??? ??, ?? ???? ????? ????? ??????? ???? ??:
    IP ??????? ???????........ . : Passed IPSec ???? ???? ?????? ??, ????? ??? ???? ?? ????? ???? ??? ???

Windows XP-based computers

???? ???? ?? ?? ????? ?? ???? Windows XP-?????? ???????? ?? ??? ??? ??? IPSec ??????? ????? ????, ??? ????? ?? ???? ??? IPSec ??????? ??? ?? ??? ???? GPO ?? ?? ??????? ????????? ??? ??? ???? ?? ???, ????? ????? ?? ???? ????::
  1. Windows XP CD ?? Netdiag.exe Setup.exe ?? Support\Tools ??????? ?? ??? ?? ??????? ?????
  2. ?? ????? ????????? ?????, ?? ???? ??? C:\Program Files\Support ????? ?? ??? ????? ?????? ?? ??? ?????
  3. ???????? ???? ?? ???? ?? ??? ?????? IPSec ???? ???????? ?? ???? ?? ?? ????? ???? ?? ??? ????? ???? ?????:
    Netdiag /test:ipsec
    ??? ??? ???? ?? ????? ???? ??? ??, ?? ???? ????? ????? ??????? ???? ??:
    IP ??????? ???????........ . : Passed IPSec ???? ???? ?????? ??, ????? ??? ???? ?? ????? ???? ??? ???

Windows 2000-based computers

???? ???? ?? ?? ????? ?? Windows 2000-?????? ???????? ?? ??? ??? ??? IPSec ??????? ????? ????, ??? ????? ?? ???? ??? IPSec ??????? ??? ?? ??? ???? GPO ?? ?? ??????? ????????? ??? ??? ???? ?? ???, ????? ????? ?? ???? ????::
  1. Windows 2000 CD ?? Netdiag.exe Setup.exe ?? Support\Tools ??????? ?? ??? ?? ??????? ?????
  2. ?? ????? ????????? ?????, ?? ???? ??? C:\Program Files\Support ????? ?? ??? ????? ?????? ?? ??? ?????
  3. ???????? ???? ?? ???? ?? ??? ?????? IPSec ???? ???????? ?? ???? ?? ?? ????? ???? ?? ??? ????? ???? ?????:
    Netdiag /test:ipsec
    ??? ??? ???? ?? ????? ???? ??? ??, ?? ???? ????? ????? ??????? ???? ??:
    IP ??????? ???????........ . : Passed IPSec ???? ???? ?????? ??, ????? ??? ???? ?? ????? ???? ??? ???

????? ??????? ?? ??? ??? ????? ???? ?????

Windows Server 2003-based and Windows XP-based computers

?????? ?? ??????? ??? ?? ????????? IPSec ???? ????? ???? ??, ?? ??? ?? ?? ??????? ????? ???? ???? ??????? ????????? ?? Windows Server 2003-?????? ?? ???? ??????? ????? ?? Windows XP ?????? ???????? ?? ??? ????????? ??????? ????? ???? ?? ??? ?????? ??? ???? ?? ???, ????? ????? ?? ???? ????::
  1. ???????? ???? ?? IPSec ???? ????? ???? ????? ?? ?????? MMC ?????-?? ??? ??????? ???? ??? ???
  2. IPSeccmd.exe ??????? ????? IPSeccmd.exe ?? ?????? ????? ?? Windows XP ?????? ??? 2 (SP2) ?? ??? ???

    ???:Windows XP ?? Windows Server 2003 ???????? ?????? ?? IPSeccmd.exe ?????, ????? ????? ???? Windows XP SP2 ?????? ????? ????? ?? ?????? ???

    ??????? ?? ??? ?? ?? Windows XP ?????? ??? 2 ?????? ????? ??????? ???? ?? ???? ??? ???? ??????? ?? ??? Microsoft ???????? ??? ???? ????? ?? ??? ????? ???? ?????? ?? ????? ????:
    838079 Windows XP Service Pack 2 Support Tools
  3. ?? ????? ????????? ?????, ?? ???? ??? ??????? ?? ???? ?? Windows XP ?????? ??? 2 ?????? ????? ??????? ???? ?? ??? ????? ?????? ?? ??? ?????

    ???:Windows XP SP2 ?????? ????? ?? ??? ??????? ?????? ??? C:\Program Files\Support ????? ???
  4. ??? ?? ??????? IPSec ???? ?? Windows Server 2003-?????? ?? Windows XP-?????? ???????? ???????? ???? ??? ?? ?? IP ??? ???? ?? ??? ??? IP ??? ?? ??????? ???????? ?? ???? ???? ?? ??????? ???? ????? ??, ????? ???? ?? ????? ?????

    Note: In the following command, Protocol and PortNumber are variables.
    IPSeccmd.exe -w REG -p "Block Protocol PortNumber Filter" -r "Block Inbound Protocol PortNumber Rule" -f *=0:PortNumber:Protocol -n BLOCK -x
    ?????? ?? ???, ???? ?? IP ?? ??????? ???????? ?? ??????? ???? ?? ??? ??? ?? ?????? ?? ??? ??? ????? ????? ????? UDP 1434 Windows Server 2003-?????? ?? Windows XP-?????? ???????? ??, ????? ?????? This policy is sufficient to help protect computers that run Microsoft SQL Server 2000 from the "Slammer" worm.
    IPSeccmd.exe -w REG -p "Block UDP 1434 Filter" -r "Block Inbound UDP 1434 Rule" -f *=0:1434:UDP -n BLOCK -x
    The following example blocks inbound access to TCP port 80 but still allows outbound TCP 80 access. This policy is sufficient to help protect computers that run Microsoft Internet Information Services (IIS) 5.0 from the "Code Red" worm and the "Nimda" worm.
    IPSeccmd.exe -w REG -p "Block TCP 80 Filter" -r "Block Inbound TCP 80 Rule" -f *=0:80:TCP -n BLOCK -x
    ???:The-x????? ???? ???? ????? ??? ??? ?? ?? ???? ?? ???? ????, ?? "??? UDP 1434 ??????" ???? unassigned ?? ?? "??? TCP 80 ??????" ?? ????? ???? ??? ??? ???? ??? ?????? ????? ???? ?? ????? ???? ??, ?? ??? ???? ???? ?????-x??? ??? ?????
  5. ????? ?? ??? ?? ???????? ????????? ???? ?????? "??? UDP 1434 ??????" ???? ?? ??? ????? ??????? ???????? originates Windows Server 2003-?????? ?? Windows XP-?????? ???????? ?? ??? IP ??? ???? ?? ???, ????? ???? ?? ????? ?????

    Note: In this command, Protocol and PortNumber are variables.
    IPSeccmd.exe -w REG -p "Block Protocol PortNumber Filter" -r "Block Outbound Protocol PortNumber Rule" -f 0=*:PortNumber:Protocol -n BLOCK
    ?????? ?? ???, ???? Windows Server 2003-?????? ?? Windows XP-?????? ???????? ?? ??? ????? UDP 1434 ???? ?? ??? ????????? ?? originates ??? ??????? ???????? ?? ????? ???? ?? ??? ????? ?????? ?? ???? SQL Server 2000 ?? "Slammer" ???? spreading ?? ???? ???? ?????????? ?? ????? ??? ??? ???? ?? ??? ???????? ???
    IPSeccmd.exe -w REG -p "Block UDP 1434 Filter" -r "Block Outbound UDP 1434 Rule" -f 0=*:1434:UDP -n BLOCK
    ???:?? ???? ????????? ???? ???? ?? ??? ?? ???? ?? ??? ??? ?? ?? ???? ?? ????? ???? ???? ???? ???? ?????? ?? ???, ?? ??? ???? ?? ????? ?? ?? ?? ???? ????? ?? ??????? ???? ?? ??? ?? ???? ?? ????? ?? ???? ????
  6. ??? 5 ??? ???? ????????? ?? ?? ????? ?? ????? ???????? ??? ???????? ???????? ???? ???? ?? ??? ???? ??? ???????, ??? ?????-?????? IPSec ???? ?? ?? ????? ???? ??? ???????? ??? ???, ?? ??????? ???? overridden ?? ?? ???? ???? ??????

    ????????? ???? ???? ?? ??? ????????? ???? ?? ???, ????? ?????? C:\Program Files\Support ????? ?? ??? ????? ????????? ?? ??? ????, ?? ???? ??? ????? ???? ???? ????:
    Netdiag /test:ipsec /debug
    ??? ????? ??????? ?? ???????? ??????? ?? ??? ??????? ??? ?? ???????? ?? ??? ??? ????? ??? ?? ???, ?? ???? ????? ????? ??????? ????:
    IP ??????? ???????........ . :
    '??????? UDP 1434 ??????' IP ??????? ???? ?? passed ??????? IPSec ???? ??????:: SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy {D239C599-F945-47A3-A4E3-B37BC12826B9}

    2 ??????? ???
    ??? ???
    ??????? ID: {5EC1FD53-EA98-4C1B-A99F-6D2A0FF94592}
    ???? ID: {509492EA-1214-4F50-BF43-9CAC2B538518}
    Src Addr: ?? 0.0.0.0 Src ?????: ?? 0.0.0.0
    ?????? Addr: 192.168.1.1 ?????? ?????: 255.255.255.255
    ??? Addr: ?? 0.0.0.0 Src ?????: 0 ?????? ?????: 1434
    ?????????: 17 TunnelFilter: ????
    ????: ??????? ?????
    ??? ???
    ??????? ID: {9B4144A6-774F-4AE5-B23A-51331E67BAB2}
    ???? ID: {2DEB01BD-9830-4067-B58A-AADFC8659BE5}
    Src Addr: 192.168.1.1 Src ?????: 255.255.255.255
    ?????? Addr: ?? 0.0.0.0 ?????? ?????: ?? 0.0.0.0
    ??? Addr: ?? 0.0.0.0 Src ?????: 0 ?????? ?????: 1434
    ?????????: 17 TunnelFilter: ????
    ????: ???? ?????
    ???:IP ??? ?? ???????? ???? ??????? (GUID) ???????? ???? ??? Windows Server 2003-?????? ?? Windows XP-?????? ???????? ?? ?????? ???

Windows 2000-based computers

?????? ?? ?? ??????? ??? ?? ????????? IPSec ???? ?????, ???? ???? ?? ??????? ????? ???? ?? ????????? ????????? ?? ????? ?? ??? ????????? ??????? ????? ???? ?? ??? ????? ?? ???, ????? ????? ?? ???? ???? ?? ??? ???? Windows 2000-?????? ???????? ?? ???? ???? ?????? IPSec ???? ????? ???? ??? ??:
  1. ???????? ???? ?? IPSec ???? ????? ???? ????? ?? ?????? MMC ?????-?? ??? ??????? ???? ??? ???
  2. ??????? ?? Ipsecpol.exe ?? ??????? ???? ?? ??? ????? Microsoft ??? ???? ?? ????:
    http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=7D40460C-A069-412E-A015-A2AB904B7361
  3. ?? ??????? ????????? ????? ?? ????? ?????? ??????? ?? ???? ?? Ipsecpol.exe ??????? ???? ?? ??? ??? ???

    ???:Ipsecpol.exe ?? ??? ??????? ?????? ?? C:\Program Files\Resource ????
  4. ??? ?? ??????? IPSec ???? ????? ?? ????? ???? ?? ????? Windows 2000-?????? ???????? ?? ?? ???????? ???? ???, ?? IP ??? ???? ?? ??? ??? IP ??? ?? ???? ???? ?? ??? ??????? ???????? ???? ????????? ?? ??? ?????????????, ??PortNumber?? ???:
    ipsecpol -w REG -p "Block Protocol PortNumber Filter" -r "Block Inbound Protocol PortNumber Rule" -f *=0:PortNumber:Protocol -n BLOCK -x
    ?????? ?? ???, ???? ?? IP ?? ??????? ???????? ?? ??????? ???? ?? ??? ??? ?? ?????? ?? ??? ??? ????? ????? ????? UDP 1434 Windows 2000-?????? ???????? ??, ????? ?????? ?? ???? Microsoft SQL Server 2000 ?? "Slammer" ???? ?? ???? ???? ???????? ?? ??????? ??? ??? ???? ?? ??? ???????? ???
    ipsecpol -w REG -p "Block UDP 1434 Filter" -r "Block Inbound UDP 1434 Rule" -f *=0:1434:UDP -n BLOCK -x
    The following example blocks inbound access to TCP port 80 but still allows outbound TCP 80 access. This policy is sufficient to help protect computers that run Microsoft Internet Information Services (IIS) 5.0 from the "Code Red" and "Nimda" worms.
    ipsecpol -w REG -p "Block TCP 80 Filter" -r "Block Inbound TCP 80 Rule" -f *=0:80:TCP -n BLOCK -x
    ???:The-x????? ???? ???? ????? ??? ??? ?? ?? ???? ?? ???? ????, ?? "??? UDP 1434 ??????" ???? unassigned ??, ?? "??? TCP 80 ??????" ?? ????? ???? ??? ??? ???? ??????? ?? ???? ????? ????? ???? ?? ????? ???? ??, ?? ???-x??? ??? ?????
  5. ??? ???????? ????????? ???? "??? UDP 1434 ??????" ???? ?????? ??????? ??????? ???????? originates ????? ?? ????????? Windows 2000-?????? ???????? ??? IP ??? ???? ?? ??? ????? ???? ?? ????? ???? ???????????????, ??PortNumber?? ???:
    ipsecpol -w REG -p "Block Protocol PortNumber Filter" -r "Block Outbound Protocol PortNumber Rule" -f 0=*:PortNumber:Protocol -n BLOCK
    ?????? ?? ???, ???? Windows 2000-?????? ???????? ?? ??? ????? UDP 1434 ???? ?? ??? ????????? ?? ?? ?? originates ??? ??????? ???????? ?? ????? ???? ?? ??? ????? ?????? ?? ???? SQL Server 2000 ?? "Slammer" ???? spreading ?? ???? ???? ?????????? ?? ????? ?? ??? ???????? ???
    ipsecpol -w REG -p "Block UDP 1434 Filter" -r "Block Outbound UDP 1434 Rule" -f 0=*:1434:UDP -n BLOCK
    ???:?? ???? ????????? ???? ???? ?? ??? ?? ???? ?? ??? ??? (?????? ?? ???, ??? ???? ?? ????? ?? ?? ?? ???? ????? ?? ??????? ???? ?? ???) ?? ???? ?? ????? ?? ?? ??? ???? ????
  6. ??? 5 ??? ???? ????????? ?? ?? ????? ?? ????? ???????? ??? ???????? ???????? ???? ???? ?? ??? ???? ??? ???????, ??? ?????-?????? IPSec ???? ?? ?? ????? ???? ??? ???????? ??? ???, ?? ??????? ???? overridden ?? ?? ???? ???? ?????? ??? ????????? ?? ???? ????????? ????, ????? ????????? ?? ?? ?????? ???? ?? ??? ????? ?????? C:\Program Files\Support ????? ?? ??? ??? ????, ?? ???? ??? ????? ???? ???? ????:
    Netdiag /test:ipsec /debug
    ???, ?? ???????? ??? ?? ??? ??? ????? ??????? ?? ???????? ??????? ?? ??? ??????? ????? ???, ???? ????? ????? ??????? ????:
    IP ??????? ???????........ . :
    '??????? UDP 1434 ??????' IP ??????? ???? ?? passed ??????? IPSec ???? ??????:: SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\ipsecPolicy {D239C599-F945-47A3-A4E3-B37BC12826B9}

    2 ??????? ???
    ??? ???
    ??????? ID: {5EC1FD53-EA98-4C1B-A99F-6D2A0FF94592}
    ???? ID: {509492EA-1214-4F50-BF43-9CAC2B538518}
    Src Addr: ?? 0.0.0.0 Src ?????: ?? 0.0.0.0
    ?????? Addr: 192.168.1.1 ?????? ?????: 255.255.255.255
    ??? Addr: ?? 0.0.0.0 Src ?????: 0 ?????? ?????: 1434
    ?????????: 17 TunnelFilter: ????
    ????: ??????? ?????
    ??? ???
    ??????? ID: {9B4144A6-774F-4AE5-B23A-51331E67BAB2}
    ???? ID: {2DEB01BD-9830-4067-B58A-AADFC8659BE5}
    Src Addr: 192.168.1.1 Src ?????: 255.255.255.255
    ?????? Addr: ?? 0.0.0.0 ?????? ?????: ?? 0.0.0.0
    ??? Addr: ?? 0.0.0.0 Src ?????: 0 ?????? ?????: 1434
    ?????????: 17 TunnelFilter: ????
    ????: ???? ?????
    ???:IP ??? ?? ???????? ???? ??????? (GUID) ???????? ????? ????? ??? ?? ?? Windows 2000-?????? ???????? ??? ??????????? ??????
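
How the `-f` filter specifications used in the commands above map to the per-filter fields that `Netdiag /test:ipsec /debug` lists, as an added example that is not part of the original article or of Microsoft's tools: a small Python model that expands a spec such as `*=0:1434:UDP` for a given local address and tests sample packets against the result. The names `parse_filter` and `matches` and the sample packets in the usage note are constructed for illustration, `192.168.1.1` is the local address from the sample output, and only the spec forms that appear on this page (plus literal IPv4 addresses) are handled.

```python
import ipaddress
from dataclasses import dataclass

# IP protocol numbers for the protocol names used in the commands.
PROTOCOLS = {"ICMP": 1, "TCP": 6, "UDP": 17}
HOST_MASK = "255.255.255.255"


@dataclass(frozen=True)
class Filter:
    src_addr: str
    src_mask: str
    src_port: int   # 0 means any port
    dst_addr: str
    dst_mask: str
    dst_port: int   # 0 means any port
    protocol: int   # 0 means any protocol
    direction: str  # "inbound", "outbound" or "other"


def _endpoint(token, my_ip):
    """Expand one side of a spec: '*' is any address, '0' is this computer."""
    addr, _, port = token.partition(":")
    port_no = int(port) if port else 0
    if not 0 <= port_no <= 65535:
        raise ValueError(f"port out of range: {port}")
    if addr == "*":
        return "0.0.0.0", "0.0.0.0", port_no
    if addr == "0":
        return my_ip, HOST_MASK, port_no
    ipaddress.IPv4Address(addr)  # raises ValueError unless an IPv4 literal
    return addr, HOST_MASK, port_no


def parse_filter(spec, my_ip):
    """Parse 'source=destination[:port][:protocol]' into a Filter."""
    ipaddress.IPv4Address(my_ip)
    spec = "".join(spec.split())  # drop whitespace added by page extraction
    if spec.count("=") != 1:
        raise ValueError("expected exactly one '=' between source and destination")
    left, right = spec.split("=")
    protocol = 0
    head, _, tail = right.rpartition(":")
    if tail.upper() in PROTOCOLS:  # a trailing protocol name is optional
        protocol, right = PROTOCOLS[tail.upper()], head
    src = _endpoint(left, my_ip)
    dst = _endpoint(right, my_ip)
    left_addr, right_addr = left.partition(":")[0], right.partition(":")[0]
    if right_addr == "0" and left_addr != "0":
        direction = "inbound"    # anything -> this computer
    elif left_addr == "0" and right_addr != "0":
        direction = "outbound"   # this computer -> anything
    else:
        direction = "other"
    return Filter(*src, *dst, protocol, direction)


def _covers(ip, addr, mask):
    """True if ip falls inside addr/mask."""
    to_int = lambda a: int(ipaddress.IPv4Address(a))
    return to_int(ip) & to_int(mask) == to_int(addr) & to_int(mask)


def matches(flt, src_ip, src_port, dst_ip, dst_port, protocol):
    """True if a packet with these header fields is selected by the filter."""
    return (_covers(src_ip, flt.src_addr, flt.src_mask)
            and _covers(dst_ip, flt.dst_addr, flt.dst_mask)
            and flt.src_port in (0, src_port)
            and flt.dst_port in (0, dst_port)
            and flt.protocol in (0, protocol))
```

For `*=0:80:TCP` on 192.168.1.1, `matches` selects a packet from a remote host to local TCP port 80 but not a packet from the local computer to a remote port 80, nor the reply to it, which is why the rule blocks inbound access while outbound TCP 80 access still works.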

????????? ????????? ?? ????? ?? ??? ??? ??? ???? ??????

Windows Server 2003-based and Windows XP-based computers

Windows Server 2003-?????? ?? Windows XP-?????? ???????? ?? ???? ?????? ???????-????? ????? IPSec ???? ?? ?? ???? ??????? ????????? ?? ????? ?? ??? ??? ??? ???? ??????, ?? ????? ?? ???? ????:
  1. IPSeccmd.exe ??????? ????? IPSeccmd.exe ?? Windows XP SP2 ?????? ????? ?? ??? ???

    ??????? ?? ??? ?? ?? Windows XP ?????? ??? 2 ?????? ????? ??????? ???? ?? ???? ??? ???? ??????? ?? ??? Microsoft ???????? ??? ???? ????? ?? ??? ????? ???? ?????? ?? ????? ????:
    838079 Windows XP Service Pack 2 Support Tools
  2. ??????? ??? ????? ??? ?? IPSec ???? ?? ??? ?? ????? ????? ??? ???? ?? ???, ????? ????????? ?? ????? ?????:
    Netdiag /test:ipsec
    ??? ??? ???? ?? ????? ???? ??? ??, ?? ???? ????? ?? ???? ????? ??????? ????:
    IP ??????? ???????........ . : ???? ???
    ??????? IPSec ???? ??????: '????? UDP 1434 ??????'
  3. ??? ??? ?? ?? IPSec ???? ???? ???? ?? ?? ????? ???????? (??????? ?? ?????), ????? ???? ?? ??? ?????? IPSec ???? ??? ??? ???????? ????? ?????? ???? ?????? ?? ??? ????? ?????

    Note: In this command, Existing_IPSec_Policy_Name, Protocol, and PortNumber are variables.
    IPSeccmd.exe -p "Existing_IPSec_Policy_Name" -w REG -r "Block Protocol PortNumber Rule" -f *=0:PortNumber:Protocol -n BLOCK
    ?????? ?? ???, ?????? ?? ??? ??? ?????? ???? ?? ?????? ????? UDP 1434 ?????? ???? ?? ??? TCP ????? 80 ??????? ????? ?? ??????? ???? ?? ???, ????? ???? ????:
    IPSeccmd.exe -p "Block UDP 1434 Filter" -w REG -r "Block Inbound TCP 80 Rule" -f *=0:80:TCP -n BLOCK

Windows 2000-based computers

????? ?? ??? ??? ??? ???? ????????? ????????? ?? ????? ?? ??? ??? ?????? ???????-????? ????? IPSec ???? ?? ??? Windows 2000-?????? ???????? ??, ????? ????? ?? ???? ????:
  1. ??????? ?? Ipsecpol.exe ?? ??????? ???? ?? ??? ????? Microsoft ??? ???? ?? ????:
    http://support.microsoft.com/kb/927229
  2. ??????? ??? ????? ??? ?? IPSec ???? ?? ??? ?? ????? ????? ??? ???? ?? ???, ????? ????????? ?? ????? ?????:
    Netdiag /test:ipsec
    ??? ??? ???? ?? ????? ???? ??? ??, ?? ???? ????? ?? ???? ????? ??????? ????:
    IP ??????? ???????........ . : ???? ???
    ??????? IPSec ???? ??????: '????? UDP 1434 ??????'
  3. ??? ??? ?? (??????? ?? ?????), ???????? ?? ???? ?? ?? ????? ??? ?? IPSec ???? ?? ?? ???????? ????? ???? ?? ??? ?????? IPSec ???? ???, ???? ??????? ?????? ?? ??? ????? ???? ?? ????? ????Existing_IPSec_Policy_Name,?????????, ??PortNumber?? ???:
    ipsecpol -p "Existing_IPSec_Policy_Name" -w REG -r "Block Protocol PortNumber Rule" -f *=0:PortNumber:Protocol -n BLOCK
    ?????? ?? ???, ?????? ?? ??? ??? ?????? ???? ?? ?????? ????? UDP 1434 ?????? ???? ?? ??? TCP ????? 80 ??????? ????? ?? ??????? ???? ?? ???, ????? ???? ????:
    ipsecpol -p "Block UDP 1434 Filter" -w REG -r "Block Inbound TCP 80 Rule" -f *=0:80:TCP -n BLOCK

????????? ????????? ?? ????? ?? ??? ???? ???????? ????? ??? ??????

Windows Server 2003 and Windows XP-based computers

You may want to block a specific port temporarily (for example, until a hotfix can be installed, or if a domain-based IPSec policy is already assigned to the computer). To temporarily block access to a port on a Windows Server 2003-based or Windows XP-based computer by using IPSec policy, follow these steps:
  1. IPSeccmd.exe ??????? ????? IPSeccmd.exe ?? Windows XP ?????? ??? 2 ?????? ????? ?? ??? ???

    ???:Windows XP ?? Windows Server 2003 ???????? ?????? ?? IPSeccmd.exe ?????, ????? ????? ???? Windows XP SP2 ?????? ????? ????? ?? ?????? ???

    ??????? ???? ?? Windows XP ?????? ??? 2 ?????? ????? ??????? ???? ?? ??? ???? ???? ?? ???? ??? ???? ??????? ?? ??? Microsoft ???????? ??? ???? ????? ?? ??? ????? ???? ?????? ?? ????? ????:
    838079 Windows XP Service Pack 2 Support Tools
  2. To add a dynamic BLOCK filter that blocks all packets from any IP address to your system's IP address and targeted port, type the following at a command prompt.

    Note: In the following command, Protocol and PortNumber are variables.
    IPSeccmd.exe -f [*=0:PortNumber:Protocol]
    ???:?? ???? ????? ????? ?????? ?????? ??? ??? ???? ????? ??? ?? ???? ?? ?? IPSec ???? ????? ???? ?? ??? ??? IPSec ???? ????? ???? ?? ???????? ?? ???????? ???????? ????, ??? ?? ???? ??? ??? ??? ?? ???: ?????? ??? ?? ????? IPSec ??????? ???? ?? ??? ?? ?????? ???????? ???? ????? ???, ?????? ???? reapply ???? ?? ??? ?? ????????? ????????? ?????? ??? ?? ?? ??????? ?? ?????? ??? ?? ???? ???? ?? ??? ????? ???, ?? IPSec ??? ????? ???? ?? ??? ??? ??????? ???????? ????? IPSec ???? ??????? MMC ?????-?? IPSec ???? ??????????? ???????? ???? ?? ??? ??? ???????? ???? ??????? ?????? ????? ??? ??? ???? ?? ?? ?????-?????? IPSec ???? ???? ?? ?? ??, ??Netdiag /test:ipsec /debug???? ?? ???? ?? ???? ?????? ????? ?????? ??? ????? ?????????? ??????????? ??????? ?????????? ?????? ???? ????????? ???

Windows 2000-based computers

You may want to block a specific port temporarily (for example, until a hotfix can be installed, or if a domain-based IPSec policy is already assigned to the computer). To temporarily block access to a port on a Windows 2000-based computer by using IPSec policy, follow these steps:
  1. ??????? ?? Ipsecpol.exe ?? ??????? ???? ?? ??? ????? Microsoft ??? ???? ?? ????:
    http://support.microsoft.com/kb/927229
  2. To add a dynamic BLOCK filter that blocks all packets from any IP address to your system's IP address and targeted port, type the following at a command prompt, where Protocol and PortNumber are variables:
    ipsecpol -f [*=0:PortNumber:Protocol]
    Note: This command creates the block filter dynamically, and the policy will remain assigned as long as the IPSec Policy Agent service is running. If the IPSec service is restarted or the computer is rebooted, this setting will be lost. If you want to dynamically reassign the IPSec Filtering Rule every time the system is restarted, create a startup script to reapply the Filter Rule. If you want to permanently apply this filter, configure the filter as a static IPSec policy. The IPSec Policy Management MMC snap-in provides a graphical user interface for managing IPSec policy configuration. If a domain-based IPSec policy is already applied, the Netdiag /test:ipsec /debug command may only show the filter details if the command is executed by a user with domain administrator credentials. An updated version of Netdiag.exe will be available in Windows 2000 Service Pack 4 that will allow local administrators to view domain-based IPSec policy.

IPSec filtering rules and Group Policy

For environments where IPSec policies are assigned by a Group Policy setting, you have to update the whole domain's policy to block the particular protocol and port. After you successfully configure the Group Policy IPSec settings, you must enforce a refresh of the Group Policy settings on all the Windows Server 2003-based, Windows XP-based, and Windows 2000-based computers in the domain. To do this, use the following command:
secedit /refreshpolicy machine_policy
The IPSec policy change will be detected within one of two different polling intervals. For a newly assigned IPSec policy being applied to a GPO, the IPSec policy will be applied to the clients within the time set for the Group Policy polling interval or when the secedit /refreshpolicy machine_policy command is run on the client computers. If IPSec policy is already assigned to a GPO and new IPSec filters or rules are being added to an existing policy, the secedit command will not make IPSec recognize changes. In this scenario, modifications to an existing GPO-based IPSec policy will be detected within that IPSec policy's own polling interval. This interval is specified on the ??????? tab for that IPSec policy. You can also force a refresh of the IPSec Policy settings by restarting the IPSec Policy Agent service. If the IPSec service is stopped or restarted, IPSec-secured communications will be interrupted and will take several seconds to resume. This may cause program connections to disconnect, particularly for connections that are actively transferring large volumes of data. In situations where the IPSec policy is applied only on the local computer, you do not have to restart the service.

Unassign and delete an IPSec policy

Windows Server 2003-based and Windows XP-based computers

  • Computers that have a locally-defined static policy
    1. Open a command prompt, and then set the working folder to the folder where you installed Ipsecpol.exe.
    2. To unassign the filter that you created earlier, use the following command:
      IPSeccmd.exe -w REG -p "Block Protocol PortNumber Filter" -y
      For example, to unassign the Block UDP 1434 Filter that you created earlier, use the following command:
      IPSeccmd.exe -w REG -p "Block UDP 1434 Filter" -y
    3. To delete the filter that you created, use the following command:
      IPSeccmd.exe -w REG -p "Block Protocol PortNumber Filter" -r "Block Protocol PortNumber Rule" -o
      For example, to delete the "Block UDP 1434 Filter" filter and both of the rules that you created, use the following command:
      IPSeccmd.exe -w REG -p "Block UDP 1434 Filter" -r "Block Inbound UDP 1434 Rule" -r "Block Outbound UDP 1434 Rule" -o
  • Computers that have a locally-defined dynamic policy
    ??? IPSec ???? ????? ???? ?? ????? ?? ??? ??? ??, ?? ???????? IPSec ???? unapplied ??net stop policyagent????? IPSec ???? ????? ???? ?????, ????? ????? ?? ???? ????? ??? ?? ????? ???? ?????:
    1. ?? ????? ????????? ?????, ?? ???? ??? ??????? ?? ???? ?? Windows XP ?????? ??? 2 ?????? ????? ??????? ???? ?? ??? ????? ?????? ?? ??? ?????
    2. ????? ???? ???? ????:
      IPSeccmd.exe -u
      ???:?? ?????? ??? ??-????? ??? ??????? ?? ???? ???? ?? ??? IPSec ???? ????? ???? ?? ???????? ?? ?? ???? ????

Windows 2000-based computers

  • Computers that have a locally-defined static policy
    1. Open a command prompt, and then set the working folder to the folder where you installed Ipsecpol.exe.
    2. To unassign the filter that you created earlier, use the following command:
      ipsecpol -w REG -p "Block Protocol PortNumber Filter" -y
      For example, to unassign the Block UDP 1434 Filter that you created earlier, use the following command:
      ipsecpol -w REG -p "Block UDP 1434 Filter" -y
    3. To delete the filter that you created, use the following command:
      ipsecpol -w REG -p "Block Protocol PortNumber Filter" -r "Block Protocol PortNumber Rule" -o
      For example, to delete the "Block UDP 1434 Filter" filter and both of the rules that you created, use the following command:
      ipsecpol -w REG -p "Block UDP 1434 Filter" -r "Block Inbound UDP 1434 Rule" -r "Block Outbound UDP 1434 Rule" -o
  • ??????? ??? ?? ??????? ???????? ???? ?? ??? ????????

    ???????? IPSec ???? ???? unapplied ??? IPSec ???? ????? ???? ???? ???? ?? (?? ????? ??net stop policyagent????)? ???????, ?? ????? ???? ????? ?? ???? ??????? ???? ?? ????? ?? ??? IPSec ???? ????? ????, ?? ????? ?? ?????:
    1. ?? ????? ????????? ?????, ?? ???? ??? ??????? ?? ???? ?? Ipsecpol.exe ??????? ???? ?? ??? ????? ?????? ?? ??? ?????
    2. ????? ???? ???? ????:
      Ipsecpol -u
      ???:?? ?? ??? ?????? ??? ??-????? ??????? ?? ???? ???? ?? ??? IPSec ???? ????? ???? ???????? ?? ???? ???

??? ??????????? ?? ????? ?? ??? ???? ?? ??????? ???? ???? ????

Microsoft Windows 2000 ?? Microsoft Windows XP ??? ??????? ??? ???, IPSec exempts ?? ??? ??????? ?? ??????? ???????? ???????, ??????????, RSVP, IKE ?? Kerberos ???????? ?? exemptions ?? ???? ??? ???????? ??????? ?? ??? Microsoft ???????? ??? ???? ????? ?? ??? ????? ???? ?????? ?? ????? ????:
253169??--?? ???? ??? ?? IPSec ?????? ???????? ???? ???? ?? ???? ?? ???????
?????? ??? ?? ????? ???? ??????? ?? ??? ???? IPSec ?? ????? ???? ???? ??, ???? ????????? ??? ????? Kerberos ?? RSVP ????????? ?? ??? exemptions ???????? ??? ???? ?? ??? ???? ???? ?? ???? ??? ????? ????????? ?? ??? Microsoft ???????? ??? ???? ????? ?? ??? ????? ???? ?????? ?? ????? ????:
254728IPSec Kerberos ???????? ???? ????? ???????? ?? ??? ???????
?? ????????? ?? ?????, ?? ?? ??? ?? ???? ???? attackers ???? ???? ????? ????? ?? ??? Kerberos ?????? ??? ?? UDP 1434 ?? ??????? ?? TCP/UDP 88 ?????? ??? ?? Kerberos exemptions ?? ????? ?? Kerberos ????? ????? ?? ???? ?? ??? IPSec ???? ??? ??? ??????? ?? ???? ?????, Kerberos ?? ???? ?? IPSec ?? ???? ????????, ????? ???? ??? ?? ?? ?????? ??? ?????, ??? IPSec ?????? ???? ?? ??? ????? ???????? IP ??? ???? Kerberos ??????? ?? ??? ???? ??, ?? ?? ???? ?? ???? (??? ?? ????? ???? ?? ??? IPSec ??????? ??? ??? ???? ?? ??? ????? ???????? ?? ??? ??? ????? ??? ???? 254728 ?? ??? ??? ???????) Kerberos ??????? ???????? ????? ???????? IP ??? ???? ?? ??? ?????? ???? ?? ??? ?? ??????? ?????? ?? ??? ??????? IPSec ???? ?? ????? ?? ????

IPSec ?????? ???? ?? ???????? ?? ????????? ???????? ????

??? IPSec ??????? IPSec ???? ????? ???? ?? ????? ???? ??? ?? ?? ?????? ???? ???? Windows 2000-?????? ???????? ??????? ???? ?? ????????? ??? ??, ?? IPSec ???? ????? ???? ???? ?? necessarily ???? ???? ?? ??????? ???? ?? ???? ?????, ?? ???? ?? ??? ????????? ???? ?? ?? ???????? ??????? ??????? ????? ?? ???? ????? ?? ????? ????????? ??? ???? ?? ?????? ???? ?? ????? ??????? ????????? ???? ??????????? ??????? ?? ??? ?? ?? ??????? ??????? ?? ???? IPSec ???? ????? ???? ?? ???? ??? ?? ??????? ???? ??? ?? ??? ??????? ?? ????? ???? ??? ??, ?????? ??? ???? ?????

???

???? ID: 813878 - ????? ???????: 11 ??????? 2011 - ??????: 3.0
???? ???? ???? ??:
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows Server 2003, Web Edition
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional