1. Daniel Reightley
3.3.2016
IPSecTunnelingthroughGroupPolicies
Upon successfulcompletion of thiswalkthrough you should beableto create a Group Policy thatcreates
a tunnelthrough thefirewall thatallowstraffic to be encrypted between a setrangeof IPAddress
endpoints(clients) and theserver.
Requirements:
-Server2012 to be installed
1. Beginbyopeningthe ServerManager
2. From the ToolsMenu inthe Top-Rightportionof the window,scroll downandselect Group
PolicyManagement.

2. 3. Right-Clickon your domainname andselect Create a GPO inthis domain, and linkit here...
a. Name yourGPO (I've namedmine IPSec)

3. 4. Right-Clickyour GPO andselect Edit.

4. 5. ComputerConfiguration->WindowsSettings->SecuritySettings->WindowsFirewall with
Advanced Security->ConnectionSecurityRules. Right-Click and selectNewRule.

6. 6. Beginrunningthroughthe NewRule Wizard
7. For Rule Type,select Custom,followedby Next.
8. For Endpoint1, select Add.Assignarange of addressesforEndpoint1.(Note:Thesearethe
client machines)

7. 9. For Endpoint2, select Add.SelectRequestauthenticationforinboundand outbound
connections,thenselectNext.

8. 10. For the Authenticationmethod,select Default.

9. 11. In Protocol andPorts leave the 'Protocol type'setto Any. (Thiswill encrypttrafficacrossall
ports)

10. 12. Selectall networktypes.

11. 13. Name yourrule.Adda descriptionasneeded.Select Finish.

12. 14. Navigate backto the Connection Security Rulessectionof the GroupPolicyManagementEditor.
In the rightwindowyoushouldsee yournew rule name withall of itsvariablesandcheckthatis
labeled Yesunderthe Enabled column.

13. 15. From the desktop,openthe Powershell ProgramwithAdministrative Permissions.
16. Type 'gpupdate /force' and waituntil itfinishesupdating(Thismaytake some time)
17. Repeatsteps15 & 16 on the endclientmachines.