How can I export an IPSec Policy from one computer and import it to another computer?
As written in previous articles (see related articles at bottom of page), Windows 2000/XP/2003 machines have a built-in IP security mechanism called IPSec (IP Security). IPSec is a protocol that’s designed to protect individual TCP/IP packets traveling across your network by using public key encryption. Besides encryption, IPSec will also let you protect and configure your server/workstation with a firewall-like mechanism.
When working on one single computer you can easily set up and assign IPSec Policies either from the Command Prompt by using the NETSH command, or from an MMC console that’s loaded with the IP Security snap-in.
However, when working with more than one computer, one might need a better way than going through each computer and re-configuring the IPSec Policy. We need a method in which we can use the same IPSec Policy on multiple computers, or at least have the same policy set up on a number of computers.
One method of configuring many computers to use the same IPSec Policy is to configure IPSec Policies through GPO. However, in this article we will use the second method – exporting the IPSec Policy to an .IPSEC file, then importing this file to other computers.
There are 2 methods for exporting and importing IPSec Policies:
Probably easier for most people.
Export
Important Security Warning: Exporting IPSec Policies to a file might reveal pass phrases used by various IPSec Policies if the file is stolen or left on a public share. If you're using Kerberos or Digital Certificates in your IPSec Policies then there is no security issue.
Import
Requires a bit of Command Prompt knowledge, but still quite useful for batch operations.
Export
Open a Command Prompt and type:
netsh ipsec static exportpolicy c:\temp\ipsec_policy.ipsec
Import
Open a Command Prompt and type:
netsh ipsec static importpolicy c:\temp\ipsec_policy.ipsec
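For batch use, the two commands above can be wrapped in one script that also acts on the security warning by restricting who can read the exported file. This is an added example, not part of the original article; the script name, the optional policy-name argument and the cacls step are assumptions made for illustration.

```bat
@echo off
rem ipsec_copy.cmd (hypothetical name) - added example, not from the article.
rem Usage: ipsec_copy.cmd export file.ipsec
rem        ipsec_copy.cmd import file.ipsec ["policy name to verify"]
setlocal
set MODE=%~1
set FILE=%~2
set POLICY=%~3
if "%FILE%"=="" goto usage
if /i "%MODE%"=="export" goto export
if /i "%MODE%"=="import" goto import
goto usage

:export
rem Remove a stale copy so the existence check below is meaningful.
if exist "%FILE%" del "%FILE%"
netsh ipsec static exportpolicy file="%FILE%"
rem netsh exit codes are not relied on; check that the file was written.
rem Assumes the name is given with its .ipsec extension, as in the article.
if not exist "%FILE%" echo Export failed: "%FILE%" was not created.& exit /b 1
rem The file may contain pass phrases: replace its ACL so that only
rem Administrators and SYSTEM can read it (works on NTFS volumes only).
echo y| cacls "%FILE%" /G Administrators:F SYSTEM:F >nul
echo Exported to "%FILE%". Move it over a protected channel, not a public share.
exit /b 0

:import
if not exist "%FILE%" echo "%FILE%" not found.& exit /b 1
netsh ipsec static importpolicy file="%FILE%"
if "%POLICY%"=="" exit /b 0
rem Confirm that the named policy is now present in the local policy store.
netsh ipsec static show policy all | findstr /i /c:"%POLICY%" >nul
if errorlevel 1 echo Policy "%POLICY%" not found after import.& exit /b 1
echo Policy "%POLICY%" is present in the local store.
exit /b 0

:usage
echo Usage: %~nx0 export^|import file.ipsec ["policy name"]
exit /b 1
```

Once the import has been verified, delete the copied .ipsec file from the target computer so the pass phrases do not stay on disk.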