win2012ipsec过滤行为

Win2012中的IPSec过滤行为指的是根据IPSec策略对网络流量进行过滤和保护的行为。IPSec是一种用于保护网络通信的协议，它通过加密和认证数据包来保护数据在传输中的安全性。

在Win2012中，可以通过配置IPSec策略来限制和保护网络流量。IPSec策略可以定义哪些流量需要加密、哪些流量需要认证、哪些流量不允许通过等规则。当网络流量匹配了相应的IPSec策略后，IPSec会自动对数据包进行加密、认证和过滤。

通过IPSec策略，可以实现以下过滤行为：

1.加密：可以对敏感数据进行加密保护，防止数据在传输过程中被窃听。

2.认证：可以对数据包进行认证，确保数据包的真实性和完整性。

3.过滤：可以根据IPSec策略对网络流量进行过滤和限制，防止未经授权的访问和攻击。

总之，Win2012中的IPSec过滤行为可以帮助保护网络通信的安全性，防止数据在传输过程中被窃听、篡改和攻击。

相关问题

win10 C++ 实现 ipsec

实现IPSec需要了解IPSec协议和相关的API。IPSec是一种网络层协议，用于提供网络安全服务，包括身份验证和加密。在Windows平台上，可以使用Windows IPsec API来实现IPsec。

在Windows平台上实现IPSec需要以下步骤：

1. 创建IPsec策略和规则：使用Windows IPsec Policy Agent API创建IPsec策略和规则，以指定IPsec的参数和规则。

2. 配置IPsec策略：使用Windows IPsec Configuration API将IPsec策略应用于网络适配器或网络连接。

3. 监视IPsec连接：使用Windows IPsec Diagnostic API监视IPsec连接，并获取相关的诊断信息。

4. 清除IPsec策略：使用Windows IPsec Policy Agent API删除IPsec策略和规则。

下面是一个简单的示例代码，用于创建和应用IPsec策略：

#include <windows.h>
#include <stdio.h>
#include <ipsec.h>

int main(int argc, char* argv[])
{
    DWORD dwError = 0;
    HANDLE hPolicyStore = NULL;
    IPSEC_POLICY_STORE_INFO PolicyStoreInfo;
    IPSEC_POLICY_INFO PolicyInfo;
    IPSEC_FILTER Filter;
    IPSEC_NEGOTIATION_POLICY NegotiationPolicy;
    IPSEC_SECURITY_METHOD SecurityMethod;
    IPSEC_SA_LIFETIME Lifetime;
    GUID gPolicyID;
    GUID gFilterID;
    GUID gNegPolID;
    GUID gMethodID;

    // Open the IPsec policy store
    dwError = IpsecOpenPolicyStore(
        POLSTORE_LOCAL,
        NULL,
        NULL,
        0,
        &hPolicyStore
    );
    if (dwError != ERROR_SUCCESS) {
        printf("IpsecOpenPolicyStore failed with error %d\n", dwError);
        return 1;
    }

    // Set the policy store information
    ZeroMemory(&PolicyStoreInfo, sizeof(PolicyStoreInfo));
    PolicyStoreInfo.dwVersion = IPSEC_POLICY_STORE_INFO_VERSION;
    PolicyStoreInfo.pszLocationName = L"My IPsec Policy Store";
    PolicyStoreInfo.pszFileName = L"C:\\Windows\\System32\\ipsec.pol";

    dwError = IpsecSetPolicyStoreInfo(
        hPolicyStore,
        &PolicyStoreInfo
    );
    if (dwError != ERROR_SUCCESS) {
        printf("IpsecSetPolicyStoreInfo failed with error %d\n", dwError);
        goto cleanup;
    }

    // Create the IPsec policy
    ZeroMemory(&PolicyInfo, sizeof(PolicyInfo));
    PolicyInfo.dwVersion = IPSEC_POLICY_INFO_VERSION;
    PolicyInfo.pszIpsecName = L"My IPsec Policy";
    PolicyInfo.dwNumNFATransactions = 1;
    PolicyInfo.pIpsecNFAData = (PIPSEC_NFA_DATA)LocalAlloc(LPTR, sizeof(IPSEC_NFA_DATA));
    if (PolicyInfo.pIpsecNFAData == NULL) {
        dwError = GetLastError();
        printf("LocalAlloc failed with error %d\n", dwError);
        goto cleanup;
    }

    // Create the IPsec filter
    ZeroMemory(&Filter, sizeof(Filter));
    Filter.dwVersion = IPSEC_FILTER_VERSION;
    Filter.pszFilterName = L"My IPsec Filter";
    Filter.u.IPVersion = IPSEC_PROTOCOL_V4;
    Filter.SrcAddr.AddrType = IPSEC_ADDR_SUBNET;
    Filter.SrcAddr.uIpAddr = inet_addr("192.168.0.0");
    Filter.SrcAddr.uSubNetMask = inet_addr("255.255.255.0");
    Filter.DestAddr.AddrType = IPSEC_ADDR_SUBNET;
    Filter.DestAddr.uIpAddr = inet_addr("10.0.0.0");
    Filter.DestAddr.uSubNetMask = inet_addr("255.0.0.0");
    Filter.Protocol.ProtocolType = IPSEC_PROTOCOL_UDP;
    Filter.SrcPort.PortType = IPSEC_PORT_SPECIFIC;
    Filter.SrcPort.wPort = htons(500);
    Filter.DestPort.PortType = IPSEC_PORT_SPECIFIC;
    Filter.DestPort.wPort = htons(500);

    // Create the IPsec negotiation policy
    ZeroMemory(&NegotiationPolicy, sizeof(NegotiationPolicy));
    NegotiationPolicy.dwVersion = IPSEC_NEGOTIATION_POLICY_VERSION;
    NegotiationPolicy.pszIpsecName = L"My IPsec Negotiation Policy";
    NegotiationPolicy.dwFlags = IPSEC_NFA_POLICY_OFFERS;
    NegotiationPolicy.dwNumAuthMethods = 1;
    NegotiationPolicy.pIpsecAuthMethods = (PIPSEC_AUTH_METHOD)LocalAlloc(LPTR, sizeof(IPSEC_AUTH_METHOD));
    if (NegotiationPolicy.pIpsecAuthMethods == NULL) {
        dwError = GetLastError();
        printf("LocalAlloc failed with error %d\n", dwError);
        goto cleanup;
    }

    // Create the IPsec security method
    ZeroMemory(&SecurityMethod, sizeof(SecurityMethod));
    SecurityMethod.dwVersion = IPSEC_SECURITY_METHOD_VERSION;
    SecurityMethod.dwFlags = IPSEC_SECMETHOD_FLAG_NEGOTIATION;
    SecurityMethod.pszSecurityMethodName = L"My IPsec Security Method";

    // Set the IPsec security method lifetime
    ZeroMemory(&Lifetime, sizeof(Lifetime));
    Lifetime.uKeyExpirationTime = 3600;

    // Add the IPsec filter to the IPsec policy
    dwError = IpsecAddFilter(
        hPolicyStore,
        &Filter,
        &gFilterID
    );
    if (dwError != ERROR_SUCCESS) {
        printf("IpsecAddFilter failed with error %d\n", dwError);
        goto cleanup;
    }

    // Add the IPsec security method to the IPsec policy
    dwError = IpsecAddSecurityMethod(
        hPolicyStore,
        &SecurityMethod,
        &Lifetime,
        &gMethodID
    );
    if (dwError != ERROR_SUCCESS) {
        printf("IpsecAddSecurityMethod failed with error %d\n", dwError);
        goto cleanup;
    }

    // Add the IPsec negotiation policy to the IPsec policy
    NegotiationPolicy.pIpsecAuthMethods[0].dwAuthType = IPSEC_AUTH_TYPE_PRESHARED_KEY;
    NegotiationPolicy.pIpsecAuthMethods[0].pAuthInfo = (LPVOID)LocalAlloc(LPTR, sizeof(IPSEC_PRESHARED_KEY));
    if (NegotiationPolicy.pIpsecAuthMethods[0].pAuthInfo == NULL) {
        dwError = GetLastError();
        printf("LocalAlloc failed with error %d\n", dwError);
        goto cleanup;
    }
    ((PIPSEC_PRESHARED_KEY)NegotiationPolicy.pIpsecAuthMethods[0].pAuthInfo)->pszKey = L"MySharedSecret";

    dwError = IpsecAddNegotiationPolicy(
        hPolicyStore,
        &NegotiationPolicy,
        &gNegPolID
    );
    if (dwError != ERROR_SUCCESS) {
        printf("IpsecAddNegotiationPolicy failed with error %d\n", dwError);
        goto cleanup;
    }

    // Add the IPsec NFA to the IPsec policy
    PolicyInfo.pIpsecNFAData[0].dwVersion = IPSEC_NFA_DATA_VERSION;
    PolicyInfo.pIpsecNFAData[0].pszIpsecName = L"My IPsec NFA";
    PolicyInfo.pIpsecNFAData[0].dwFlags = IPSEC_NFA_POLICY_OFFERS;
    PolicyInfo.pIpsecNFAData[0].dwTunnelFlags = IPSEC_TUNNEL_FLAG_PMTUD;
    PolicyInfo.pIpsecNFAData[0].dwAuthMethodCount = 1;
    PolicyInfo.pIpsecNFAData[0].ppAuthMethods = &gMethodID;
    PolicyInfo.pIpsecNFAData[0].pInboundFilter = &gFilterID;
    PolicyInfo.pIpsecNFAData[0].pOutboundFilter = &gFilterID;
    PolicyInfo.pIpsecNFAData[0].pNegPol = &gNegPolID;

    dwError = IpsecSetPolicyData(
        hPolicyStore,
        &PolicyInfo,
        &gPolicyID,
        NULL,
        NULL
    );
    if (dwError != ERROR_SUCCESS) {
        printf("IpsecSetPolicyData failed with error %d\n", dwError);
        goto cleanup;
    }

    // Apply the IPsec policy to the network adapter
    dwError = IpsecApplyPolicy(hPolicyStore, &gPolicyID, NULL);
    if (dwError != ERROR_SUCCESS) {
        printf("IpsecApplyPolicy failed with error %d\n", dwError);
        goto cleanup;
    }

    printf("IPsec policy applied successfully!\n");

cleanup:
    if (hPolicyStore != NULL) {
        IpsecClosePolicyStore(hPolicyStore);
    }
    if (PolicyInfo.pIpsecNFAData != NULL) {
        LocalFree(PolicyInfo.pIpsecNFAData);
    }
    if (NegotiationPolicy.pIpsecAuthMethods != NULL) {
        LocalFree(NegotiationPolicy.pIpsecAuthMethods[0].pAuthInfo);
        LocalFree(NegotiationPolicy.pIpsecAuthMethods);
    }
    return dwError;
}

这个示例代码创建了一个IPsec策略和规则，以将网络适配器上的流量从源地址192.168.0.0/24发送到目标地址10.0.0.0/8时进行加密和身份验证。它使用了IPsec的预共享密钥身份验证方法，并将密钥设置为“MySharedSecret”。在实际使用中，还需要根据具体需求进行适当的配置和修改。

win7设置ipsec_解决win7连接IPsec报错789和809错误

若您在Win7上设置IPSec时出现了连接IPsec报错789和809错误，可以尝试以下方法进行解决：

1. 确认您的网络连接已启用IPSec。打开“控制面板”并选择“网络和共享中心”，在左侧菜单中选择“更改适配器设置”，找到您要使用IPSec的网络连接，右键单击并选择“属性”，在“网络属性”对话框中，选择“安全”选项卡，确认“IPSec”选项已勾选。

2. 确认您的预共享密钥和加密算法设置正确。预共享密钥必须与另一端的预共享密钥相同，加密算法和身份验证协议也必须与另一端相同。

3. 禁用防火墙或添加IPSec例外。防火墙可能会阻止IPSec通信，您可以暂时禁用防火墙并尝试连接IPSec。如果禁用防火墙后可以连接，则需要添加IPSec例外来允许IPSec通信。

4. 确认您的系统已更新到最新版本。Win7的一些更新可能包含修复IPSec连接错误的补丁。

5. 重置网络适配器。打开命令提示符并输入以下命令：netsh int ip reset，然后按Enter键。重启计算机后，尝试重新连接IPSec。

希望以上方法能够帮助您解决连接IPsec报错789和809错误的问题。