Dialog Box: Customize IPsec Tunnel Authorization

Updated: January 20, 2009

Applies To: Windows 7, Windows Server 2008 R2

Use these settings to specify which users or computers are authorized to initiate a tunnel connection to the local computer. These settings only apply to inbound connections. Tunnel connections initiated by the local computer are not subject to these authorization settings.

Note

These settings only apply to tunnel mode rules that have the Apply authorization option enabled on the Customize IPsec Tunneling Settings dialog box.

To get to this dialog box

  1. In the Windows Firewall with Advanced Security MMC snap-in, in Overview, click Windows Firewall Properties.

  2. Click the IPsec Settings tab.

  3. Under IPsec tunnel authorization, select Advanced, and then click Customize.

Computers tab

Use this tab to identify computers or computer groups that are authorized to create tunnel mode connections to the local computer.

Authorized computers

Only allow connections from these computers

Select this option to specify which computers can create a tunnel mode connection to the local computer.

If you select the check box, then Add is enabled. Click Add, and then specify the computer or group accounts in the Active Directory Object Picker dialog box.

To remove a computer or group from the list, select the computer or group, and then click Remove.

Exceptions

Use this section to identify computer or group accounts that are denied permissions to create tunnel mode connections to the local computer. If a computer attempting a connection is listed in both the Authorized computers and Exceptions boxes, either directly or as a member of a group, the exception takes priority and the connection is blocked.

Deny connections from these computers

Select this option to specify which computers are prohibited from creating a tunnel mode connection to this computer.

If you select the check box, then Add is enabled. Click Add, and then specify the computer or group accounts in the Active Directory Object Picker dialog box.

To remove a computer or group from the list, select the computer or group, and then click Remove.

Users tab

Use this tab to identify users or user groups that are authorized to create tunnel mode connections to the local computer.

Authorized users

Only allow connections from these users

Select this option to specify which users can create a tunnel mode connection to this computer.

If you select the check box, then Add is enabled. Click Add, and then specify the user or group accounts in the Active Directory Object Picker dialog box.

To remove a user or group from the list, select the user or group, and then click Remove.

Exceptions

Use this section to identify user or group accounts that are denied permissions to create tunnel mode connections to the local computer. If a user attempting a connection is listed in both the Authorized users and Exceptions boxes, either directly or as a member of a group, the exception takes priority and the connection is blocked.

Deny connections from these users

Select this option to specify which users are prohibited from creating a tunnel mode connection to this computer.

If you select the check box, then Add is enabled. Click Add, and then specify the user or group accounts in the Active Directory Object Picker dialog box.

To remove a user or group from the list, select the user or group, and then click Remove.
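The following is an added model of the authorization decision described on both tabs above; it is not code from Windows Firewall with Advanced Security. It assumes that when both an Authorized list and an Exceptions list are configured, the computer check and the user check must both pass, and that an unchecked "Only allow connections from these ..." box places no restriction. The directory contents are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# Constructed sample directory: principal -> groups it is a direct member of.
# A group can itself be a member of another group (nested membership).
DIRECTORY: Dict[str, Set[str]] = {
    "CORP\\WS01$": {"CORP\\TunnelComputers"},
    "CORP\\WS02$": {"CORP\\TunnelComputers", "CORP\\Quarantine"},
    "CORP\\Quarantine": {"CORP\\BlockedComputers"},
    "CORP\\alice": {"CORP\\VPN-Users"},
    "CORP\\bob": {"CORP\\VPN-Users", "CORP\\Contractors"},
}


def expand(principal: str, directory: Dict[str, Set[str]]) -> Set[str]:
    """Return the principal plus every group it belongs to, transitively."""
    seen = {principal}
    stack = [principal]
    while stack:
        for group in directory.get(stack.pop(), ()):
            if group not in seen:
                seen.add(group)
                stack.append(group)
    return seen


@dataclass
class TunnelAuthorization:
    """One tab of the dialog: an optional Authorized list and an Exceptions list."""
    only_allow: Optional[Set[str]] = None  # None: 'Only allow ...' check box not selected
    deny: Set[str] = field(default_factory=set)  # 'Deny connections from these ...' list

    def permits(self, principal: str, directory: Dict[str, Set[str]]) -> bool:
        identities = expand(principal, directory)
        if identities & self.deny:        # exception takes priority, even over a direct allow
            return False
        if self.only_allow is None:       # no Authorized list configured: no restriction
            return True
        return bool(identities & self.only_allow)


def authorize_tunnel(direction: str, computer: str, user: str,
                     computers: TunnelAuthorization, users: TunnelAuthorization,
                     directory: Dict[str, Set[str]] = DIRECTORY) -> bool:
    """Decide whether a tunnel mode connection attempt is authorized."""
    if direction != "inbound":            # the settings apply only to inbound connections
        return True
    # Assumption: both tabs must permit the connection when both are configured.
    return computers.permits(computer, directory) and users.permits(user, directory)
```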