Logo
programming4us
programming4us
programming4us
programming4us
Home
programming4us
XP
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server
programming4us
Windows Phone
 
Windows Server

Windows Server 2012 : Configuring IPsec (part 3) - Configuring IPsec settings - Customizing IPsec tunnel authorizations, Configuring IPsec settings using Windows PowerShell

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
10/20/2014 9:20:53 PM

Customizing IPsec tunnel authorizations

If IPsec tunnel connections will be allowed with the computer, you can use the Customize IPsec Tunnel Authorizations dialog box shown in Figure 6 to configure this. Using this dialog box, you can specify

  • Which computers are authorized to establish tunnel connections with the local computer.

  • Which users are authorized to establish tunnel connections with the local computer.

You can also specify exceptions for each of the preceding settings.

Configuring IPsec tunnel authorizations.
Figure 6. Configuring IPsec tunnel authorizations.

Configuring IPsec settings using Windows PowerShell

You can also use Windows PowerShell to configure IPsec settings either in the policy store on the local computer, a remote computer, or a GPO. You can do this using the cmdlets from the NetSecurity module of Windows PowerShell.

For example, you can use the Get-NetIPsecMainModeCryptoSet cmdlet to display the main-mode cryptographic sets on a computer:

PS C:\> Get-NetIPsecMainModeCryptoSet -PolicyStore ActiveStore

Name : {E5A5D32A-4BCE-4e4d-B07F-4AB1BA7E5FE1}
DisplayName : Service Hardcoded Default Phase1 CryptoSet
Description : Service Hardcoded Default Phase1 CryptoSet
DisplayGroup :
Group :
Proposal : {
0 : Encryption: AES128
: Hash: SHA1
: KeyExchange: DH2
1 : Encryption: DES3
: Hash: SHA1
: KeyExchange: DH2
}
MaxMinutes : 480
MaxSessions : 0
ForceDiffieHellman : False
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus :
PolicyStoreSource : No Policy Store (Hardcoded)
PolicyStoreSourceType : Hardcoded

Compare the preceding command output to Figure 1 earlier in this lesson. To configure the main mode cryptographic sets on the computer, you can use the Set-NetIPsecMainModeCryptoSet cmdlet.

As a second example, you can use the Get-NetIPsecPhase1AuthSet cmdlet to display how first authentication is configured on the computer:

PS C:\> Get-NetIPsecPhase1AuthSet -PolicyStore ActiveStore

Name : {E5A5D32A-4BCE-4e4d-B07F-4AB1BA7E5FE3}
DisplayName : Service Hardcoded Default Phase1 AuthSet
Description : Service Hardcoded Default Phase1 AuthSet
DisplayGroup :
Group :
Proposal : {
0 : MachineKerb
}

PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus :
PolicyStoreSource : No Policy Store (Hardcoded)
PolicyStoreSourceType : Hardcoded

Compare the preceding command output to Figure 3 earlier in this lesson. To configure first authentication on the computer, you can use the Set-NetIPsecPhase1AuthSet cmdlet.

Quick check

  • A local computer running Windows Server 2012 is using the 3DES algorithm for data encryption when using IPsec to communicate with a remote computer running an unknown operating system. Why is the local computer not using the more secure AES-CBC 128 algorithm instead?

Quick check answer

  • This is probably because the operating system on the remote computer does not support data encryption using the AES-CBC 128 algorithm. By default, Windows Server 2012 starts by attempting to use the Diffie-Hellman Group 2 key-exchange algorithm to negotiate using SHA-1 for data integrity and AES-CBC 128 for data encryption. If that fails, attempt to use DH Group 2 to negotiate using SHA-1 for data integrity and 3DES for data encryption.

Other -----------------
- Microsoft Lync Server 2013 : Director Troubleshooting (part 3) - Synthetic Transactions,Telnet
- Microsoft Lync Server 2013 : Director Troubleshooting (part 2) - DNS Records, Logs
- Microsoft Lync Server 2013 : Director Troubleshooting (part 1) - Redirects, Certificates
- Microsoft Lync Server 2013 : Administration of the Director Role (part 4) - Services Management, Client Version Filter
- Microsoft Lync Server 2013 : Administration of the Director Role (part 3) - Topology Status
- Microsoft Lync Server 2013 : Administration of the Director Role (part 2) - Ports,Firewall Rules
- Microsoft Lync Server 2013 : Administration of the Director Role (part 1) - Services
- Microsoft Lync Server 2013 : Configuring the Director (part 2) - Web Services Ports,Reverse Proxy
- Microsoft Lync Server 2013 : Configuring the Director (part 1) - SRV Records, Web Services FQDN Overrides
- Sharepoint 2013 : SharePoint Designer 2013 (part 2) - Locking Down SharePoint Designer
 
 
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
 
programming4us
Windows Vista
programming4us
Windows 7
programming4us
Windows Azure
programming4us
Windows Server