Use this dialog box to configure a security method offer that is available when negotiating main mode security associations. You must specify an integrity algorithm, an encryption algorithm, and a key exchange algorithm.
How to get to this dialog box
- On the Windows Firewall with Advanced Security MMC snap-in page, in Overview, click Windows Firewall Properties.
- Click the IPsec Settings tab.
- Under IPsec defaults, click Customize.
- Under Key exchange (Main Mode), select Advanced, and then click Customize.
- Under Security methods, select an algorithm combination from the list, and click Edit or Add.
Integrity algorithm
Select one of the following integrity algorithms from the list.
- SHA-384
- SHA-256
- SHA-1
- MD5
Caution: MD5 is no longer considered secure and should only be used for testing purposes or in cases in which the remote computer cannot use a more secure algorithm. It is included for backward compatibility only.
Encryption algorithm
Select one of the following encryption algorithms from the list.
- AES-CBC 256
- AES-CBC-192
- AES-CBC-128
- 3DES
- DES
Caution: DES is no longer considered secure and should only be used for testing purposes or in cases in which the remote computer cannot use a more secure algorithm. It is included for backward compatibility only.
Key exchange algorithm
Select one of the following key exchange algorithms from the list.
- Elliptic Curve Diffie-Hellman P-384
- Elliptic Curve Diffie-Hellman P-256
- Diffie-Hellman Group 14
- Diffie-Hellman Group 2
- Diffie-Hellman Group 1
Caution: DH1 is no longer considered secure and should only be used for testing purposes or in cases in which the remote computer cannot use a more secure algorithm. It is included for backward compatibility only.
For more information about any of these algorithms, see IPsec Algorithms and Methods Supported in Windows (http://go.microsoft.com/fwlink/?linkid=129230).
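The three Caution notes above can be applied as a check over a computer's configured main mode offers. The following PowerShell is an added example, not part of the original page and not Microsoft's code; the sample text is constructed, and the `SecMethods` line layout and the `KeyExchange-Encryption-Integrity` token format of `netsh advfirewall show global` output are assumptions, as is the function name.

```powershell
# Constructed sample of the "Main Mode" section of `netsh advfirewall show global`
# output (layout assumed; not captured from a real host).
$sample = @'
Main Mode:
KeyLifetime                           480min,0sess
SecMethods                            DHGroup14-AES256-SHA384,DHGroup2-3DES-SHA1,DHGroup1-DES-MD5
ForceDH                               No
'@

function Get-MainModeOfferFinding {
    # Hypothetical helper: lists each main mode offer and names any component
    # that the dialog's Caution notes mark as no longer secure (MD5, DES, DH1).
    param([Parameter(Mandatory)][string]$Text)

    $m = [regex]::Match($Text, '(?m)^\s*SecMethods\s+(\S+)')
    if (-not $m.Success) { throw 'No SecMethods line found in input.' }

    foreach ($offer in ($m.Groups[1].Value -split ',')) {
        $parts = $offer -split '-'
        if ($parts.Count -ne 3) {
            # Unexpected token shape: report it instead of guessing at its meaning.
            [pscustomobject]@{ Offer = $offer; Deprecated = 'unparsed offer' }
            continue
        }
        $kex, $enc, $integrity = $parts

        # Exact (case-insensitive) matches only, so 3DES is not mistaken for DES
        # and DHGroup14 is not mistaken for DHGroup1.
        $weak = @()
        if ($kex       -eq 'DHGroup1') { $weak += 'key exchange: DH Group 1' }
        if ($enc       -eq 'DES')      { $weak += 'encryption: DES' }
        if ($integrity -eq 'MD5')      { $weak += 'integrity: MD5' }

        [pscustomobject]@{
            Offer      = $offer
            Deprecated = $weak -join '; '   # empty when nothing is flagged
        }
    }
}

Get-MainModeOfferFinding -Text $sample | Format-Table -AutoSize

# On a live computer, feed the real output instead of the sample:
# Get-MainModeOfferFinding -Text (netsh advfirewall show global | Out-String)
```

An offer with a non-empty Deprecated column is one to edit or remove in this dialog unless a remote computer cannot use a more secure algorithm.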