Internet Protocol Security
Filter Actions
The filter action sets the security requirements for the communication. These requirements are specified in a list of security methods contained in the filter action, including which algorithms, security protocols, and key properties are to be used.
A filter action can also be configured as:
- A pass-through policy: one that does not secure the communication. IPSec simply ignores the traffic in this case. This is appropriate for traffic that cannot be secured because the remote computer is not IPSec-enabled, traffic that is not sensitive enough to require protection, or traffic that provides its own security (for example, the Kerberos, SSL, and PPTP protocols).
- A blocking policy: to stop communication from a rogue computer.
- A policy that negotiates for security but still enables communication with non-IPSec-enabled computers. A filter action can be configured to fall back to clear. If you need to configure a filter action like this, limit the IP Filter List to a minimal scope, and use the setting with extreme caution: any communication affected by that policy could be sent without protection if negotiation fails for any reason. If the initiator of an IKE negotiation receives a reply from the responder, the negotiation does not allow fallback to clear.
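The behaviour of the three kinds of filter action can be modelled as below, together with a check that flags fall-back-to-clear actions whose filter list is not minimal. This is an added example, not Microsoft code: the names `FilterAction`, `outcome` and `audit`, the `max_addresses` threshold, the "not-sent" result for a failed negotiation and the sample rules are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class FilterAction:
    name: str
    mode: str                        # "permit" (pass-through), "block" or "negotiate"
    fallback_to_clear: bool = False  # only meaningful when mode == "negotiate"

def outcome(action, peer_replied_to_ike, negotiation_ok):
    """How traffic matching the filter leaves the host: clear, secured or not-sent."""
    if action.mode == "permit":
        return "clear"               # IPSec ignores the traffic
    if action.mode == "block":
        return "not-sent"
    if negotiation_ok:
        return "secured"
    # Fallback applies only if the responder never answered the IKE initiator.
    if action.fallback_to_clear and not peer_replied_to_ike:
        return "clear"
    return "not-sent"                # assumption: failed negotiation sends nothing

def audit(rules, max_addresses=1):
    """Flag fallback-to-clear actions whose filter list covers more than max_addresses."""
    findings = []
    for action, destinations in rules:
        if action.mode != "negotiate" or not action.fallback_to_clear:
            continue
        covered = sum(ipaddress.ip_network(d).num_addresses for d in destinations)
        if covered > max_addresses:
            findings.append((action.name, covered))
    return findings

# Constructed sample policy using documentation address ranges.
STRICT = FilterAction("require-esp", "negotiate")
SOFT_WIDE = FilterAction("soft-subnet", "negotiate", fallback_to_clear=True)
SOFT_HOST = FilterAction("soft-legacy-host", "negotiate", fallback_to_clear=True)
RULES = [(STRICT, ["192.0.2.0/24"]),
         (SOFT_WIDE, ["192.0.2.0/24"]),
         (SOFT_HOST, ["198.51.100.10/32"])]

if __name__ == "__main__":
    for action, _ in RULES:
        print(action.name, "| no IKE reply:", outcome(action, False, False),
              "| reply, then failure:", outcome(action, True, False))
    print("review:", audit(RULES))
```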
© 1985-2000 Microsoft Corporation. All rights reserved.