IPSEC: export filtering settings

  • Thread starter Thread starter Markus Schwarz
  • Start date Start date
M

Markus Schwarz

Hello everybody,

I am trying to export manually applied filtering rules from one winxp system
to a second system.
Unfortunately this does not work.

Using the secpol.mmc I choose "All tasks" -- "export" and save a file
"name.ipsec" on conputer A.

After copying this file to computer B I choose "All tasks" -- "import" and
select the .ipsec-file.
But nothing happens. No error message but nothing else either.

What can I do?

And another question as well - when selecting the export function, is every
single
setting exported? I have several filter settings "installed", one of these
is active.
Is just this one setting exported or all other settings as well?

Thanks in advance

Markus
 
Markus,

1. Just to be clear, you should be using the IPSec Mgmt Snap-in to export
and import IPSec Policies.
If so, what you did should work.
A few things to check -
a. Is the policyagent running on the second machine.
Do a net start and see if policyagent shows up in the list.
If not do a net start policyagent.

b. After the import check the registry for any sign of the IPSec Policy.
The key is as follows:
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local

2. The export should export ALL IPSec Policies in the list.



Louise
IPSec Test Team
[MSFT]
 
Yes, you'll need to specifically export from within the IPSec Management
entry. The basic secpol export feature will give you "pointers" to the ipsec
policy, but not the policies themselves as that data is stored in a location
that is not known to secpol.

So with secpol running, navigate down to the IP Security entry and select
action\all tasks\export policies. When importing to the second computer do
the same but select import policies.

--
David
Microsoft Windows Networking
This posting is provided "AS IS" with no warranties, and confers no rights.

Louise Bowman said:
Markus,

1. Just to be clear, you should be using the IPSec Mgmt Snap-in to export
and import IPSec Policies.
If so, what you did should work.
A few things to check -
a. Is the policyagent running on the second machine.
Do a net start and see if policyagent shows up in the list.
If not do a net start policyagent.

b. After the import check the registry for any sign of the IPSec Policy.
The key is as follows:
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local

2. The export should export ALL IPSec Policies in the list.



Louise
IPSec Test Team
[MSFT]

--
This posting is provided "AS IS" with no warranties, and confers no
rights.
Markus Schwarz said:
Hello everybody,

I am trying to export manually applied filtering rules from one winxp system
to a second system.
Unfortunately this does not work.

Using the secpol.mmc I choose "All tasks" -- "export" and save a file
"name.ipsec" on conputer A.

After copying this file to computer B I choose "All tasks" -- "import"
and
select the .ipsec-file.
But nothing happens. No error message but nothing else either.

What can I do?

And another question as well - when selecting the export function, is every
single
setting exported? I have several filter settings "installed", one of
these
is active.
Is just this one setting exported or all other settings as well?

Thanks in advance

Markus
Click to expand...
Click to expand...
 
Thank you, Louise and David,

I will try again tonight and tell you what happened.

Markus
 
Hi again,

well, I did as you said.
I opened secpol.msc instead of using the control panel.
But the interface was the same I used before.
Right-clicking on "IP Security", selected "All tasks" and "export".
Again I save a file "settings.ipsec" which
I copied over to the second computer. But again nothing happened
when I selected "import" from the "all tasks" menue.
I selected the file and opened it but nothing happened.

I checked the registry but I didn't find any of my defined rules
neither did I find the imported policy
There is for example a rule I defined named "block various".
I can find this rule in the exported file and I can find it within
the registry of the source system.
But no trace of it on the destination system (registry).

"net start" shows policyagent running on both systems.

What else can I do?
I did a windowsupdate just to make
sure my systems are both up-to-date.

Hm, besides the problem I have
importing the policy - maybe I don't need this
policy at all - the second computer is not directly
connected to the internet - it uses the ICS running on the first system.
Do I need security policies for RAS connections on a ICS client?

Markus
 
Hi again,

I've been playing around a little bit with the
import/export function.

I found a website where I downloaded
example *.ipsec files.
When I tried to import these on the second machine
everything worked well!

It seems as if not importing the policies onto
the second machine is my problem
but exporting them from the first machine...

What would happen if I'd use "regedit"
to export the registry key containing the policies
from computer a and import it to the registry
of computer b?
Is this an alternative way I could try?
I wouldn't dare to try without asking :-)

Thanks

Markus
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Excel Export Filtered Form Data To Excel 0
Exporting filtered set 1
Lock-Ups ERROR - IPSec Service 3
two questions on exporting from a form 3
IPSec Services 2
Access Access Select Query is cleared out after exporting 5
export to excel from filtered datasheet 2
SecEdit.exe /export and Windows XP prof ? 1

Back
Top