Microsoft KB Archive/253740

= Predefined IPSec Policies Documentation Errors in Windows 2000 Help =

Article ID: 253740

Article Last Modified on 3/1/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition

-



This article was previously published under Q253740



SUMMARY
This article identifies two documentation errors in the "Predefined IPSec policies, overview" section of Windows 2000 Help and provides the correct information.



Incorrect information in the "Predefined policies" Help topic
Secure Server (Require Security)

This is used for computers which always require secure communications. An example would be a server which transmits highly sensitive data, or a security gateway which protects the intranet from the outside. This policy rejects unsecured incoming communications, and outgoing traffic is always secured. Unsecured communication will not be allowed, even if a peer is not IPSec-enabled.

Corrected information for the "Predefined policies" Help topic
Secure Server (Require Security)

This policy is an example policy for computers on the internal network that require secure communications, such as a server that transmits highly sensitive data. This is an example policy only. Administrators must customize their own IPSec policy for production use. The filters used in this policy will require all outbound communication to be secured. This is only useful for testing. Use this policy to test with the Client (Respond Only) policy.

Incorrect Information in the "Predefined filter actions" Help topic
Require Security. High security. Unsecured communication will not be allowed.

Corrected Information for the "Predefined filter actions" Help topic
Require Security

High security designed to request IPSec protection for packets which match the corresponding filters. This has a setting to allow the receipt of unsecured incoming initial communication (e.g. connection request), and will cause the computer to attempt to secure both directions of traffic by requesting IPSec security with the sender of the unsecured traffic. This filter action must not be used on the Internet to avoid potential denial of service attacks.

Keywords: kbdocerr kbinfo kbipsec KB253740

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.