
Windows Server 2012 : Configuring IPsec (part 2) - Configuring IPsec settings - Customizing IPsec defaults

10/20/2014 9:19:41 PM

Configuring IPsec settings

In contrast to firewall settings, which are configured separately for each firewall profile, IPsec settings are systemwide settings that define defaults for IPsec communications between the local computer and other computers on the network. These systemwide IPsec settings can be configured using the Windows Firewall with Advanced Security snap-in, the Windows Firewall with Advanced Security policy node under Computer Configuration\Policies\Windows Settings\Security Settings in a GPO, or Windows PowerShell.

To configure IPsec settings using the Windows Firewall with Advanced Security snap-in on the local computer, right-click on the root node in the console tree, select Properties, and switch to the IPsec Settings tab as shown in Figure 1. These are the settings you can configure here:

  • IPsec Defaults: Use this option to configure the default IPsec settings that the local computer will use when attempting to establish secure connections with other IPsec-enabled computers. To configure these settings, click the Customize button to open the Customize IPsec Defaults dialog box shown in Figure 2 in the next section.

  • IPsec Exemptions: Use this option to configure how IPsec handles Internet Control Message Protocol (ICMP) traffic. By default, ICMP traffic is not exempted from using IPsec, but you can change this by selecting Yes from the list control.

  • IPsec Tunnel Authorization: Use this option to configure the users and computers that you want to be authorized to establish IPsec communications with the local computer. To configure these settings, select Advanced and click the Customize button to open the Customize IPsec Tunnel Authorizations dialog box shown in Figure 11-19 later in this lesson.

Figure 1. Configuring systemwide IPsec settings on the computer.

Customizing IPsec defaults

As described in the previous section, the Customize IPsec Defaults dialog box shown in Figure 2 is used to configure the default IPsec settings that the local computer will use when attempting to establish secure connections with other IPsec-enabled computers. You can configure default settings for the following:

  • Key exchange (main mode)

  • Data protection (quick mode)

  • Authentication method

Figure 2. Dialog box for customizing IPsec defaults.

Figure 3 shows the default IPsec settings for key exchange. The process for applying them is as follows:

  1. Start by attempting to use the Diffie-Hellman Group 2 key-exchange algorithm to negotiate using SHA-1 for data integrity and AES-CBC 128 for data encryption.

  2. If that fails, attempt to use DH Group 2 to negotiate using SHA-1 for data integrity and 3DES for data encryption.

You can add other security methods to the list of methods the computer should attempt to use. You can also configure key lifetimes and other key-exchange options using this dialog box.

Figure 3. Configuring advanced key-exchange settings.

Figure 4 shows the default IPsec settings for data protection. The process for applying them is as follows:

  • If only data integrity but not data encryption is required, then do the following:

    1. Start by attempting to use ESP to negotiate using SHA-1 for data integrity.

    2. If that fails, attempt to use AH to negotiate using SHA-1 for data integrity.

  • If both data integrity and encryption are required, then do the following:

    1. Start by attempting to use ESP to negotiate using SHA-1 for data integrity and AES-CBC 128 for data encryption.

    2. If that fails, attempt to use AH to negotiate using SHA-1 for data integrity and 3DES for data encryption.

You can use this dialog box to add other data-integrity and encryption algorithms to the list of algorithms the computer should attempt to use. You can also use it to require encryption for all IPsec communications on the computer.

Figure 4. Configuring data-integrity and encryption settings.

As Figure 5 shows, the default authentication methods that IPsec uses for first and second authentication are as follows:

  • For first authentication, the only authentication method attempted is Computer (Kerberos V5). If desired, you can add other authentication methods and prioritize how they are used.

  • For second authentication, no authentication is attempted. If desired, you can add authentication methods and prioritize how they are used.

You can also use this dialog box to specify whether first or second authentication should be considered optional.

Figure 5. Configuring authentication methods.
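
The three kinds of defaults described above (key exchange, data protection, and first authentication) can also be set from Windows PowerShell using the built-in NetSecurity module. The following is an added example, not part of the original article: it places a stronger proposal (DH Group 14, SHA-256, AES-256) ahead of the defaults listed above, and the display names are hypothetical.

```powershell
# Added example, not from the original article. Run in an elevated session on
# Windows Server 2012 or later. The display names below are hypothetical.
Import-Module NetSecurity

# Key exchange (main mode): proposals are tried in the order listed.
# A stronger proposal comes first, followed by the two defaults described above.
$mainModeProposals = @(
    (New-NetIPsecMainModeCryptoProposal -KeyExchange DH14 -Hash SHA256 -Encryption AES256),
    (New-NetIPsecMainModeCryptoProposal -KeyExchange DH2  -Hash SHA1   -Encryption AES128),
    (New-NetIPsecMainModeCryptoProposal -KeyExchange DH2  -Hash SHA1   -Encryption DES3)
)
# -Default makes this set the systemwide default instead of a named, rule-specific set.
New-NetIPsecMainModeCryptoSet -DisplayName 'Example main mode defaults' `
    -Proposal $mainModeProposals -Default

# Data protection (quick mode): ESP with both integrity and encryption.
# The second proposal is ESP with SHA-1 and AES-CBC 128, as in the defaults above.
$quickModeProposals = @(
    (New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP -ESPHash SHA256 -Encryption AES256),
    (New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP -ESPHash SHA1   -Encryption AES128)
)
New-NetIPsecQuickModeCryptoSet -DisplayName 'Example quick mode defaults' `
    -Proposal $quickModeProposals -Default

# First authentication: Computer (Kerberos V5), the default method described above.
$kerberosProposal = New-NetIPsecAuthProposal -Machine -Kerberos
New-NetIPsecPhase1AuthSet -DisplayName 'Example first authentication' `
    -Proposal $kerberosProposal -Default

# Review the resulting sets and the current IPsec exemption setting (ICMP and others).
Get-NetIPsecMainModeCryptoSet
Get-NetIPsecQuickModeCryptoSet
Get-NetIPsecPhase1AuthSet
Get-NetFirewallSetting | Select-Object -Property Exemptions
```

Both peers must share at least one proposal in each list for negotiation to succeed, so the weaker fallback entries can be dropped only once every computer that needs to connect has been configured with the stronger proposal.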