Configuring a Windows End-to-End Tunnel Policy
The only IPsec tunnel topology supported between an
NOTE: Do not configure any other rules in the policy with the
Outbound Tunnel Rule Requirements
The outbound tunnel rule must have the following parameters:
•Filter List: One filter, with the following parameters:
—Address:
◦Source address: the
◦Destination address: this must be a specific IP address and must be the Windows system's address.
◦Mirrored: no (the Mirrored box is cleared).
—Protocol Type: none (wildcard). The Windows documentation states that the filters in tunnel rules must not specify protocols or ports to ensure that IP Security can correctly process IP fragments.
•Tunnel Setting
—Tunnel endpoint: the
Inbound Tunnel Rule Requirements
The inbound tunnel rule must have the following parameters:
•Filter List: One filter, with the following parameters:
—Address:
◦Source address: the Windows system's address.
◦Destination address: this must be a specific IP address and must be the
◦Mirrored: no (the Mirrored box is cleared).
—Protocol Type: none (wildcard).
•Tunnel Setting
—Tunnel endpoint: the Windows system's address. This is the address of the tunnel endpoint closest to the destination. Since this is an
Configuring a Tunnel Rule
Use the following procedure to configure an outbound or inbound tunnel rule.
5.You can also configure an IPsec topology where packets exchanged between an
Configuring a Windows