Exporting and Importing IPSec Policy

Once you've defined domain-based IPSec policy, you might want to import or export it. To back up or restore IPSec policy objects in the IP Security Policies container in Active Directory, you need to use the IP Security Policy Management snap-in in the MMC. You can also use the netsh.exe command-line utility with the IPSec context to perform these actions. As shown in Figure 5.9, you can import or export IPSec policy for the local computer or for the domain. In this case, IP Security Policies on Active Directory (domain) is selected. To export the policy, right-click, select All Tasks, and then select Export Policies. Notice that this is also where you can create a new IP security policy or manage IP filter lists and actions. If you want to create a new domain-based IP security policy, select Create IP Security Policy from the menu, as shown in Figure 5.9.

Figure 5.9 Export IPSec Policy via IP Security Policy Management Snap-In


When you use the Export Policies command, all IPSec policy objects are stored in a single file with the .ipsec extension. When you import policies, you can import .ipsec files into the destination policy stores. If you import IPSec policy into Active Directory (as you would if you had the Active Directory level open, as is the case in Figure 5.9), you overwrite the existing IPSec policy objects. This can be good if you believe your Active Directory IPSec policy is corrupted or incorrect and you want to restore from a known good file. However, if you do not want to overwrite existing values, do not import into Active Directory. If you suspect your IPSec policies in Active Directory are corrupted, you can import the .ipsec file via the snap-in or via the netsh ipsec static importpolicy command. It's important that you leave either the snap-in or the command-line utility (depending on your method) open long enough to complete the import or export. Closing either before all IPSec policy data has been written could result in corruption.
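Because an import overwrites the existing policy objects, it is worth exporting the current store before importing. The following PowerShell script is an added example, not taken from the original text: it exports the selected store to a timestamped backup, confirms the backup was written, and only then imports the known-good file. The file paths and the default store are assumptions; the netsh commands run in a single `netsh -f` session so that `set store` applies to the commands that follow it.

```powershell
# Added example, not from the original text. Paths and the default store are assumptions.
param(
    [string]$ImportFile = 'C:\IPSecBackup\known-good.ipsec',  # hypothetical known-good export
    [string]$BackupDir  = 'C:\IPSecBackup',                   # hypothetical backup folder
    [ValidateSet('local', 'domain')]
    [string]$Store      = 'domain'
)
$ErrorActionPreference = 'Stop'

# Run several netsh commands in ONE session (netsh -f), so "set store" still
# applies to the export/import commands that follow it.
function Invoke-NetshIpsec([string[]]$Commands) {
    $script = Join-Path $env:TEMP ("ipsec-{0}.txt" -f [guid]::NewGuid())
    @("ipsec static set store location=$Store") + $Commands |
        Set-Content -LiteralPath $script -Encoding ASCII
    try     { & netsh.exe -f $script }   # synchronous: returns only when netsh has finished
    finally { Remove-Item -LiteralPath $script -Force }
}

if (-not (Test-Path -LiteralPath $ImportFile -PathType Leaf)) {
    throw "Import file not found: $ImportFile"
}
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# 1. Export the current store first, because the import overwrites existing policy objects.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $BackupDir "pre-import-$Store-$stamp.ipsec"
Invoke-NetshIpsec @("exportpolicy file=`"$backup`"")

# 2. Do not rely on the exit code: confirm a non-empty backup file was written.
#    The wildcard also matches the name if netsh appended its own .ipsec extension.
$written = @(Get-ChildItem -Path "$backup*" -File | Where-Object Length -gt 0)
if ($written.Count -eq 0) { throw 'Export produced no file; import aborted.' }
"Backup : $($written[0].FullName)"
"SHA256 : $((Get-FileHash -LiteralPath $ImportFile -Algorithm SHA256).Hash)  (file being imported)"

# 3. Import the known-good file, then list the resulting policies for review.
Invoke-NetshIpsec @("importpolicy file=`"$ImportFile`"", 'show policy all')
```

The script blocks until netsh exits, which addresses the point above about not closing the tool before all policy data has been written.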

Exam Warning

If IPSec policy is corrupted, you must delete IPSec policy objects so new IPSec policy can be successfully imported. If you are managing IPSec over slow WAN links, transfer the IPSec policies in .ipsec export files by copying the file to the remote computer first. Then, use Remote Desktop Connection to connect to the remote computer and perform the operation.



  • tommy
    How to import ipsec file?
    1 year ago
  • arsi hatakka
    How to export IPSEC local policies?
    2 months ago
