To configure the IPSec policy filter:

1.) Open Control Panel --> Administrative Tools --> Local Security Policy. Right-click "IP Security Policies on Local Machine" and select "Import Policies" from the "All Tasks" submenu. Highlight the policy file (XP or Win2K) and click OK.

2.) Right-click the XP_Policy or Win2K_Policy file (depending on your system) and click Assign. The policy is now enabled with the default settings, which include:

- CMU Network Access (128.2.*.*) - Permit
- Non-CMU NetBIOS traffic (Windows Networking) Ports - Block
- Non-CMU SQL Server Ports - Block
- Non-CMU FTP (File Transfer Protocol) Ports - Block
- Non-CMU HTTP (Web Server) Ports - Block
- Non-CMU Arcserve Ports - Block
- Non-CMU Simple TCP/IP (CharGen, QOTD) Services - Block
- Non-CMU SNMP Traffic (Network Management) - Block
- Non-CMU Telnet Service (Remote Shell) - Block

The "Policy Assigned" column will show "yes" for the CMU_SCS_1_2003rev1 policy, along with a small green indicator in the policy icon.

3.) To allow inbound access from non-CMU hosts to a service that is blocked by default (Web, for example), double-click the "CMU_SCS_1_2003rev1" policy and clear the checkbox for the appropriate item. To grant a specific external IP, DNS realm or subnet access to the service, right-click "IP Security Policies on Local Machine" and select "Manage IP filter lists and filter actions". Edit the CMU address range, adding the additional external network parameters. Leave the Default Response action selection blank.

Troubleshooting:

- Right-clicking the policy and selecting "Unassign" will enable all TCP/IP traffic to the host.
- Clearing a particular checkbox will disable that portion of the policy only.
- Only one IPSec agent can be active on a machine at any one time. This means that the policy cannot be used concurrently on a machine that is running the Cisco VPN client. The "Cisco Systems, Inc. VPN Service" must be stopped before the "IPSEC Services" service can be started.