Creating IPSec rules for specific protocol
Hi, I can't seem to find out how we can create IPsec rules for a specific protocol (say only port 23). Every time I create a connection security rule, it applies to all protocols.
Am I missing something?
Cheers
June 25th, 2007 3:50am
I think you missed it indeed. The steps to do this:
Assuming that you already have the IP Security Policy created (and also have an IP filter created):
1. Double-click the IP security policy, then select the existing IP Filter List and click Edit.
2. In this dialog box select the IP Filter again, then click Edit once again.
3. Almost done here... hang on. Click the IP filter in the lower pane, then click Edit (ok, I promise this is the last time...).
4. On this dialog box select the Protocol tab. Here you can specify the specific protocol (in your case TCP) and the specific source and destination port (in your case 23).
If you need a helping hand on creating the IP security policy as well, let me know.
June 26th, 2007 9:17pm
It sounds like you are trying to create these rules (Connection Security Rules) with the WS08 Windows Firewall with Advanced Security MMC snap-in.
First off, take a look at this intro/step-by-step guide to better familiarize yourself with the way the new UI works: http://www.microsoft.com/downloads/details.aspx?FamilyId=DF192E1B-A92A-4075-9F69-C12B7C54B52B&displaylang=en
As for creating a port-specific IPsec rule, you can do this one of two ways. You could create a new Inbound and/or Outbound filter (Firewall Rule) and detail the port (or port range) you wish to protect with IPsec on the first step of the Rule Wizard (i.e. Rule Type). When you get to the Action tab, you should select "Allow the connection if it is secure" and optionally check the "Require the connections to be encrypted" checkbox if you wish to do both IPsec authentication and encryption. What happens behind the scenes is we create both a firewall filter and plumb down the appropriate IPsec filters and actions for this port.
Let me know if this does the trick...
Cheers, Ian
June 29th, 2007 8:23pm
Thanks for the response.
I was confused because I thought that Connection Security Rules were a replacement for IPsec policy, but it seems that the old way of creating IPsec policy via the MMC is still available.
If I understand Ian correctly, by creating an Inbound/Outbound rule and selecting the Auth and encryption requirements, it will create an invisible IPsec policy behind the scenes. But what if I wanted to customize the settings, like choosing Certificate for authentication instead of Kerberos?
Cheers
July 3rd, 2007 9:37am
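The "Allow the connection if it is secure" rule Ian describes, and the port-scoped connection security rule the last post asks about, can also be created from an elevated prompt with netsh advfirewall on WS08. This is an added example, not a command from the thread; the rule names and the CA distinguished name are placeholders I chose.

```powershell
# Added example (not from the thread). Run from an elevated prompt on WS08/Vista;
# netsh works the same from cmd.exe or PowerShell. Rule names are placeholders.

# 1) Firewall rule for TCP/23 that is only allowed when IPsec protects the connection.
#    security=authenc  = authenticate AND encrypt ("Require the connections to be encrypted")
#    security=authenticate would require authentication only.
netsh advfirewall firewall add rule name="Telnet-IPsec-In" dir=in action=allow protocol=TCP localport=23 security=authenc

# 2) Connection security rule scoped to the same protocol and port, so IPsec is
#    negotiated for TCP/23 only (required inbound, requested outbound).
#    auth1 defaults to computerkerb (Kerberos); to use a machine certificate instead,
#    set auth1=computercert and name the issuing CA in auth1ca (placeholder DN below).
netsh advfirewall consec add rule name="Telnet-IPsec-Consec" endpoint1=any endpoint2=any protocol=tcp port2=23 action=requireinrequestout
# netsh advfirewall consec add rule name="Telnet-IPsec-Consec-Cert" endpoint1=any endpoint2=any protocol=tcp port2=23 action=requireinrequestout auth1=computercert auth1ca="CN=Example Issuing CA,DC=example,DC=com"

# 3) Verify what was plumbed down, then watch main-mode/quick-mode SAs during a test connection.
netsh advfirewall firewall show rule name="Telnet-IPsec-In" verbose
netsh advfirewall consec show rule name="Telnet-IPsec-Consec" verbose
netsh advfirewall monitor show mmsa
netsh advfirewall monitor show qmsa
```

Because the firewall rule only permits the port when a matching connection security rule has negotiated an SA, a peer with no IPsec policy for TCP/23 is blocked rather than allowed in clear.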