Wednesday, February 24, 2016

Step By Step Windows SNMP Security Configuration and Encryption using IPSec [Part 2]

Protecting Microsoft Windows SNMP service using IPSec

Because the Microsoft Windows SNMP service is vulnerable to network eavesdropping attacks, IPSec will be used to encrypt SNMP traffic between the SNMP Agent Windows machine and the SNMP Manager machine.
Our lab includes one SNMP Agent Windows machine and two SNMP Managers, one based on MS Windows and the other based on Ubuntu Linux. To protect the SNMP traffic between the SNMP Agent and each Manager, we need the following IPSec configurations:
  • Configure IPSec between two Windows hosts.
      • SNMP Agent: Windows Server 2012 R2.
      • SNMP Manager: Windows Server 2012 R2.
  • Configure IPSec between a Windows host and a Linux host.
      • SNMP Agent: Windows Server 2012 R2.
      • SNMP Manager: Ubuntu Desktop Linux.
In the following steps we will learn:
  • How to configure IPSec on the SNMP Agent Windows machine to secure SNMP traffic with the SNMP Manager?
  • How to configure IPSec on the SNMP Manager Windows machine to secure SNMP traffic with the SNMP Agent?
  • How to configure IPSec on the SNMP Manager Ubuntu Linux machine to secure SNMP traffic with the SNMP Agent?

Configuring IPSec on the SNMP Agent machine

1. From the Windows Server 2012 R2 Server Manager, click on the Tools menu, then click on Local Security Policy.
2. In the left pane of the Local Security Policy window, click on IP Security Policies on Local Computer.

3. In the right pane of the Local Security Policy window, right-click on a free area and click on Create IP Security Policy... The IP Security Policy Wizard will start; click on the Next button.
4. In the IP Security Policy Name window type a suitable name (e.g. SNMP) on the Name: text box and click Next button.
5. In the Requests for Secure Communication window click Next button.
6. In the Completing the IP Security Policy Wizard window make sure that the Edit properties check box is checked and click Finish button.
7. In the SNMP Properties window click on Add... button.
8. In the Security Rule Wizard window click Next button.
9. In the Tunnel Endpoint window click Next button.
10. In the Network Type window select All network connections options and click Next button.
11. In the IP Filter List window click on Add... button.
12. In the IP Filter List window type a name on the Name: text box (e.g. SNMP Agent and Manager Filter) and click on the Add... button.
13. In the IP Filter Wizard window click Next button.
14. In the IP Filter Description and Mirrored property window type a Description (e.g. Write a Description) and click Next button.
15. In the IP Traffic Source window click on the Source Address drop down list and select Any IP address and click Next button.

16. In the IP Traffic Destination window click on the Destination address drop down list and select My IP Address and click Next button.
17. In the IP Protocol Type window click on the Select a protocol type drop down list and select UDP then click Next button.
18. In the IP Protocol Port window select the From any port option, then select To this port, type 161 and click Next button.
19. In the IP Filter Wizard window click Finish button.
20. In the IP Filter List window click on the Add... button.
21. In the IP Filter Wizard window click Next button.
22. In the IP Filter Description and Mirrored property window type a Description and click Next button.
23. In the IP Traffic Source window click on the Source address drop down list and select My IP Address and click Next button.
24. In the IP Traffic Destination window click on the Destination Address drop down list and select Any IP address and click Next button.
25. In the IP Protocol Type window click on the Select a protocol type drop down list and select UDP then click Next button.
26. In the IP Protocol Port window select the From any port option, then select To this port, type 162 and click Next button.
27. In the IP Filter Wizard window click Finish button.
28. In the IP Filter List window click on the OK button.
29. In the IP Filter List window select the created list SNMP Agent and Manager and click on the Next button.
30. In the Filter Action window click on the Add... button.
31. In the IP Security Filter Action Wizard window click on the Next button.
32. In the Filter Action Name window type a name for the filter action in the Name text box (e.g. Secure SNMP) and then click on the Next button.
33. In the Filter Action General Options window select the Negotiate security option then click on the Next button.
34. In the Communicating with computers that do not support IPsec window select the option Do not allow unsecured communication and then click on the Next button.
35. In the IP Traffic Security window select the Integrity and encryption option then click on the Next button.
36. In the IP Security Filter Action Wizard window click on the Finish button.
37. In the Filter Action window select the created filter action Secure SNMP and click on the Next button.
38. In the Authentication Method window select Use this string to protect the key exchange (preshared key) option then type a complex preshared key (e.g. ComplexPreSharedKey) then click on the Next button.
39. In the Security Rule Wizard window click on the Finish button.
40. In the SNMP Properties window click on the OK button.
41. In the Local Security Policy window right-click on the newly created policy SNMP and click on Assign.
42. In the Local Security Policy window make sure that the icon of the created policy SNMP has changed and a small green dot has appeared.

At this point the IPSec configuration of the Windows SNMP Agent machine is complete.
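
A scripted counterpart to steps 1 to 42, added here as an example and not part of the original article: it builds the same policy with netsh ipsec static so the configuration can be reviewed and repeated. The rule name SNMP Rule, the ESP[3DES,SHA1] security method and the key placeholder are assumptions, since the wizard steps do not state them.

```powershell
# Added example: scripted form of steps 1-42. Run from an elevated PowerShell prompt.
$Policy     = 'SNMP'                            # step 4
$FilterList = 'SNMP Agent and Manager Filter'   # step 12
$Action     = 'Secure SNMP'                     # step 32
$Rule       = 'SNMP Rule'                       # assumption: the wizard never names the rule
$Psk        = '<REPLACE-WITH-PRESHARED-KEY>'    # placeholder for the key from step 38

function Invoke-IpsecStatic {
    # Runs one "netsh ipsec static" command and stops at the first failure.
    param([Parameter(Mandatory)][string[]]$Arguments)
    & netsh.exe ipsec static @Arguments
    if ($LASTEXITCODE -ne 0) {
        # Report only the verb and object so the key never lands in an error message.
        throw "netsh ipsec static $($Arguments[0..1] -join ' ') failed with exit code $LASTEXITCODE"
    }
}

if ($Psk -like '<*>') { throw 'Set $Psk to the preshared key shared with the SNMP Manager.' }

# Steps 3-6: create the policy.
Invoke-IpsecStatic @('add', 'policy', "name=$Policy")

# Steps 11-28: one filter list with two mirrored UDP filters.
Invoke-IpsecStatic @('add', 'filterlist', "name=$FilterList")
# Requests arriving at the agent: any address -> this host, UDP port 161.
Invoke-IpsecStatic @('add', 'filter', "filterlist=$FilterList", 'srcaddr=any', 'dstaddr=me',
                     'protocol=UDP', 'srcport=0', 'dstport=161', 'mirrored=yes')
# Traps leaving the agent: this host -> any address, UDP port 162.
Invoke-IpsecStatic @('add', 'filter', "filterlist=$FilterList", 'srcaddr=me', 'dstaddr=any',
                     'protocol=UDP', 'srcport=0', 'dstport=162', 'mirrored=yes')

# Steps 30-36: negotiate security, no fallback to clear text, integrity and encryption.
# inpass=no / soft=no correspond to "Do not allow unsecured communication".
# ESP[3DES,SHA1] is an assumed security method; pick one both peers support.
Invoke-IpsecStatic @('add', 'filteraction', "name=$Action", 'action=negotiate',
                     'inpass=no', 'soft=no', 'qmsecmethods=ESP[3DES,SHA1]')

# Steps 8-10 and 37-39: bind filter list and action in a rule, all connections, preshared key.
Invoke-IpsecStatic @('add', 'rule', "name=$Rule", "policy=$Policy", "filterlist=$FilterList",
                     "filteraction=$Action", 'conntype=all', "psk=$Psk")

# Step 41: assign the policy; step 42: print it to confirm it is assigned.
Invoke-IpsecStatic @('set', 'policy', "name=$Policy", 'assign=y')
Invoke-IpsecStatic @('show', 'policy', "name=$Policy", 'level=verbose')
```

The key is passed to netsh as a command-line argument, so supply it at run time rather than saving it in the script file.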
