Wednesday, 12 September 2012

Set up an IP Security Policy Rule for Windows 2008 and 2003

  1. Log into your Windows Server. Once you have logged in, click "Start" > "Run", type MMC and press OK / Enter.
  2. The Windows MMC (Microsoft Management Console) will appear. In the console click "File" > "Add/Remove Snap-in".
  3. Browse for "IP Security Policy Management" and highlight it. Once it is highlighted, click the "Add" button in the middle pane.
  4. You will need to select the computer or domain you want the snap-in to manage. Choose "Local Computer" and click "Finish".
  5. Now click "OK".
  6. You will be back at the console, which now lists "IP Security Policies on Local Computer". Right-click "IP Security Policies on Local Computer" and select "Create IP Security Policy".
  7. You will now be at the IP Security Policy Wizard screen. Click "Next" to continue.
  8. You will now need to name your policy. For this article we are blocking an IP address, so call it "Block IP Address", give it a description and then click "Next".
  9. You will be asked whether to "Activate the default response rule". The default response rule is only honoured by Windows Server 2003 and Windows XP (and earlier); Windows Vista, Windows Server 2008 and later ignore it, and a block rule does not need it in any case. Leave it unchecked and click "Next".
  10. Your policy is now created. Click "Finish" to proceed.
  11. You will now be at the properties screen for your new policy. Click "Add" to continue.
  12. You will now be at the "Welcome to the Create IP Security Rule Wizard" screen. Click "Next".
  13. You will now see the "Tunnel Endpoint" screen. Select "This rule does not specify a tunnel" and click "Next".
  14. For the network type, select "All Network Connections" and click "Next".
  15. You will now be at the "IP Filter List" screen. Here you specify which traffic the rule matches. Click "Add", give the new filter list a name, and click "Add" again to set up a custom filter.
  16. You will now see the IP Filter Description and Mirrored Property screen. Leave "Mirrored" checked so that the filter also matches traffic in the reverse direction (source and destination swapped), and click "Next".
  17. Now select the source address for your filter. Since we want to block an IP address, select "A specific IP Address or Subnet".
  18. Once you select this option, you can specify the IP address or range. Fill in the IP address or range and click "Next".
  19. Now select the "Destination Address". Change this to "My IP Address" and click "Next".
  20. Specify the protocol. Select "TCP" and click "Next".
  21. Now specify the port that you want to stop the IP address(es) from reaching. This is very useful if you want to block HTTP or MSSQL, etc. For this example we will block HTTP, so we need port 80: leave the "From" port at "Any Port", set the "To" port to "To this Port" and fill the box with 80. Now click "Next".
  22. You have now completed your filter. Click "Finish" to close the wizard, then "OK" to close the filter list.
  23. Back at the "IP Filter List" screen, select the filter list you just created and click "Next".
  24. At the "Filter Action" screen click "Add". You will be taken to the "IP Security Filter Action Wizard". Click "Next".
  25. Name the action. For this article we will call it "Block IP". Then click "Next".
  26. Now select the action behaviour. You have three choices: Permit, Block or Negotiate Security. Choose "Block", click "Next" and then at the next screen click "Finish".
  27. Make sure the "Block IP" filter action is selected, click "Next" and then "Finish" to close the Security Rule Wizard.
  28. You will now be at the Policy Properties again. Make sure the new rule is checked and click "Apply" and then "OK".
  29. Finally you will be back at the console screen. Right-click the new policy and click "Assign". This activates the policy.
  You have successfully created an IPsec policy and activated it.

    How to Block an IP Address using IPSec on 2003

    This article will walk you through blocking an individual IP address from accessing your server using an IPSec Security Policy.
    For various reasons, you may find yourself wanting to block a specific IP address from accessing your server.
    Simply follow these instructions, which show how to create an IPSec Security Policy that blocks access from a specific IP address.

    1. Click on the Start Menu and click on Run.

    2. Type "secpol.msc" and click OK.

    3. When the Local Security Settings console opens, click on "IP Security Policies on Local Computer".
    4. Right-click in the right window pane and click "Create IP Security Policy".

    5. Click "Next" when the Wizard opens.
    6. Here you can name your new IPSec Security Policy. In this example, we named it "Blocked IPs". When you are ready, click "Next".

    7. Uncheck the box for "Activate the default response rule" and then click "Next".
    8. On the next screen, remove the check for "Edit properties" and click "Finish".
    9. Once you click "Finish" you will see the screen below, with your policy added to the list. Now we will create an IP filter list to block IPs.
    10. Double-click the policy you have just created to open its properties window.
    11. Since we unchecked "Activate the default response rule" in step 7, the <Dynamic> default response rule is not applied. Click "Add" to open the Security Rule Wizard, accept the defaults on the tunnel-endpoint and network-type screens (no tunnel, all network connections), and on the IP Filter List screen click "Add" again to open the IP Filter List Wizard.
    12. You will see a screen similar to Figure 12. Put in the name of your list and click "Add".
    13. This opens another window where you add the IP addresses and ports to the IP filter list. In the Description box put the IP address that you want to block, keep "Mirrored. Match packets with the exact opposite source and destination addresses" checked, and click "Next".
    14. Select "My IP Address" as the Source Address from the drop-down list.

    15. There are many more options in the list for both the Source and Destination Address. You will need some advanced knowledge to work with those options. We will select "My IP Address" for now and click "Next".

    16. For the IP Traffic Destination, select "A specific IP Address" and enter the IP address that you want to block. Here you can also select "A specific IP Subnet" from the drop-down and block the entire subnet. Once you have entered the IP address or subnet, click "Next".
    17. Under IP Protocol Type you can define the protocol you want to block; it can be any one from the list, for example TCP, UDP or ICMP. We will select "Any", which means all connections from the specified IP address. If you select a protocol from the list and click "Next" it will ask you for the port you want to block, for example 80 (see Figure 17.2). Since we want to block all ports, we select "Any", click "Next" (Figure 17.1) and then "Finish".
    18. After you click "Finish" you will see that the filter has been added to the IP filter list. If you want to add more IPs or subnets, click "Add" to add another filter. Once you are finished you will have filters as in Figure 18.2.

    19. Once your IP Filter List is complete, click "OK" to get back to the Security Rule Wizard. Select the IP filter list you have created by clicking its radio button and click "Next".

    20. On the next screen of the Security Rule Wizard you will not see a "Block" filter action, as it is not created by default. We will create a filter action that blocks connections by clicking "Add".

    21. For the name type "Block", add any description you like, and click "Next".

    22. In the Filter Action General Options select "Block" and click "Next".
    23. Then click "Finish" to get back to the Security Rule Wizard.
    24. This adds the "Block" filter action to the list; click its radio button to select it and click "Next".
    25. Click "Finish" to complete the Security Rule Wizard.

    26. You will see the rule added to the list; you can add more rules with the same steps. Now click "OK" to finish with the rules.

    27. Now that we have created the rules to block the desired IP address, right-click the IP Security Policy and select "Assign" to apply the policy on the server.
    There are many more options for securing your entire server with an IP security policy. For example, you can create rules that block everyone on the RDP port (TCP 3389) and permit only selected IPs: IPsec matches the most specific filter first, so a narrow permit filter for the admin addresses takes precedence over a broad block filter. IP Security policies are IP address and port based, not service based, so build the filters to match the traffic you need.
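    The following is an added example, not part of either walkthrough above: it builds the same kind of policy from the command line with the "netsh ipsec static" context that ships on Windows Server 2003 and 2008, so the result is scriptable and repeatable. It combines the two tutorials (one host blocked from TCP 80, one subnet blocked entirely) and goes one step further by adding the RDP allow-list suggested in the closing paragraph. Every address, mask and name is a placeholder chosen for this example; run it from an elevated command prompt.

```batch
@echo off
rem Added example (not from the original post). Builds an IPsec block policy with
rem netsh ipsec static, the CLI behind the IP Security Policy snap-in on 2003/2008.
rem All addresses, masks and names below are placeholders (assumptions for the example).
setlocal
set POLICY=Block IP Address
set FLIST=Blocked IPs
set BLOCKED_HOST=203.0.113.5
set BLOCKED_NET=198.51.100.0
set BLOCKED_MASK=255.255.255.0
set ADMIN_NET=192.0.2.0
set ADMIN_MASK=255.255.255.0

rem 1. The policy. activatedefaultrule=no is the CLI form of leaving
rem    "Activate the default response rule" unchecked in the wizard.
netsh ipsec static add policy name="%POLICY%" description="Block unwanted source addresses" activatedefaultrule=no

rem 2. One filter list holding the "block" filters. mirrored=yes matches the reverse
rem    direction as well, exactly like the Mirrored checkbox in the IP Filter Wizard.
netsh ipsec static add filterlist name="%FLIST%"
rem    First walkthrough: a single host, TCP to our port 80 only (srcport=0 means any port).
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=%BLOCKED_HOST% dstaddr=Me protocol=TCP srcport=0 dstport=80 mirrored=yes description="%BLOCKED_HOST% to HTTP"
rem    Second walkthrough: a whole subnet, any protocol, any port.
netsh ipsec static add filter filterlist="%FLIST%" srcaddr=%BLOCKED_NET% srcmask=%BLOCKED_MASK% dstaddr=Me protocol=ANY mirrored=yes description="%BLOCKED_NET%/%BLOCKED_MASK% all traffic"

rem 3. The filter actions the wizards make you create by hand: Block and Permit.
netsh ipsec static add filteraction name="Block IP" action=block
netsh ipsec static add filteraction name="Permit IP" action=permit

rem 4. Tie the filter list to the Block action inside the policy (no tunnel, all connection types).
netsh ipsec static add rule name="Block listed sources" policy="%POLICY%" filterlist="%FLIST%" filteraction="Block IP" conntype=all

rem 5. RDP allow-list from the closing paragraph: block TCP 3389 from everyone, then
rem    permit it from the admin subnet. IPsec evaluates the most specific matching filter
rem    first, so the narrow permit filter wins over the Any-to-Me block filter.
netsh ipsec static add filterlist name="RDP from anywhere"
netsh ipsec static add filter filterlist="RDP from anywhere" srcaddr=Any dstaddr=Me protocol=TCP srcport=0 dstport=3389 mirrored=yes
netsh ipsec static add filterlist name="RDP from admin subnet"
netsh ipsec static add filter filterlist="RDP from admin subnet" srcaddr=%ADMIN_NET% srcmask=%ADMIN_MASK% dstaddr=Me protocol=TCP srcport=0 dstport=3389 mirrored=yes
netsh ipsec static add rule name="Block RDP" policy="%POLICY%" filterlist="RDP from anywhere" filteraction="Block IP"
netsh ipsec static add rule name="Allow admin RDP" policy="%POLICY%" filterlist="RDP from admin subnet" filteraction="Permit IP"

rem 6. Review before assigning. Only one local policy can be assigned at a time and
rem    assigning this one replaces whatever is currently active, so confirm the admin
rem    permit rule is present if you are connected over RDP, or you lock yourself out.
netsh ipsec static show policy name="%POLICY%" level=verbose

rem 7. The CLI equivalent of right-clicking the policy and choosing Assign.
netsh ipsec static set policy name="%POLICY%" assign=yes
endlocal
```

    To undo the change, run "netsh ipsec static set policy name="Block IP Address" assign=no" (the same command as step 7 with assign=no); a domain GPO that assigns an IPsec policy will override the local one regardless of what is assigned here.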
