The following commands can be used to script the creation of legacy IPsec policies. The example here creates an IPsec policy that secures all IP traffic between domain controllers in separate forests, in order to protect AD forest trust traffic.
This example uses a pre-shared key (PSK) for authentication, but you should use certificates if possible.
Create the IPsec policy:
Create a filter action:
Note: In the filter action example, the name of the filter action reflects its settings. This makes it easier to create reusable filter actions.
Create the filter list:
Create filters and add them to the filter list:
Create a rule in the IPsec policy that uses the filter list and filter action created above:
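The five steps above as one batch script, assuming the `netsh ipsec static` context is the tool being scripted. This is an added example, not the page's original commands; the policy, filter action and filter list names, the 192.0.2.x addresses and the key are constructed placeholders.

```bat
@echo off
setlocal
rem Added example: names, addresses and key are constructed placeholders.
rem Run from an elevated prompt on each domain controller.
set "POLICY=Forest Trust DC-to-DC"
set "ACTION=Negotiate-ESP-3DES-SHA1-PFS-NoFallback"
set "FLIST=Remote Forest DCs"
set "PSK=REPLACE-WITH-PRESHARED-KEY"

rem 1. Policy, created unassigned so it can be reviewed before it takes effect.
netsh ipsec static add policy name="%POLICY%" ^
  description="Secure all IP traffic to DCs in the trusted forest" ^
  activatedefaultrule=no assign=no mmsecmethods="3DES-SHA1-3" || goto :fail

rem 2. Filter action. The name mirrors the settings: negotiate ESP with
rem    3DES/SHA1, quick-mode PFS, no unsecured inbound, no fallback to clear.
netsh ipsec static add filteraction name="%ACTION%" action=negotiate ^
  inpass=no soft=no qmpfs=yes ^
  qmsecmethods="ESP[3DES,SHA1]:100000k/3600s" || goto :fail

rem 3. Empty filter list.
netsh ipsec static add filterlist name="%FLIST%" ^
  description="DCs of the other forest" || goto :fail

rem 4. One mirrored filter per remote DC: this host to that DC, any protocol.
rem    List the other forest's DC addresses here.
for %%D in (192.0.2.10 192.0.2.11) do (
  netsh ipsec static add filter filterlist="%FLIST%" srcaddr=Me dstaddr=%%D ^
    protocol=ANY mirrored=yes description="All IP to DC %%D" || goto :fail
)

rem 5. Rule binding filter list and filter action into the policy, PSK only.
netsh ipsec static add rule name="Secure forest trust traffic" ^
  policy="%POLICY%" filterlist="%FLIST%" filteraction="%ACTION%" ^
  kerberos=no psk="%PSK%" || goto :fail

rem 6. Review the result. With soft=no, traffic to the listed DCs is dropped
rem    unless the peer negotiates, so configure both sides before assigning.
netsh ipsec static show policy name="%POLICY%" level=verbose
exit /b 0

:fail
echo netsh exited with an error; review the objects created so far.
exit /b 1
```

After reviewing the `show policy` output, activate the policy with `netsh ipsec static set policy name="Forest Trust DC-to-DC" assign=yes`. For certificate authentication, replace `psk=` with the `rootca=` parameter of `add rule`.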