Figure 9 Security Method Dialog Box

The Encryption and Integrity and Integrity only methods each correspond to a set of predefined parameters for an IPsec SA proposal, including an IPsec transform type (such as ESP). The transforms and additional SA parameters defined for these methods may vary according to the Windows release installed. On Windows XP systems with SP2, these methods are defined as follows:

Encryption and Integrity

Authenticated ESP using 3DES encryption and SHA1 authentication (this is equivalent to the HP-UX IPSec transform ESP_3DES_HMAC_SHA1). No SA lifetimes are specified, and these settings are compatible with the HP-UX default SA lifetimes (see “IPsec SA Key (Session Key) Lifetime Values” (page 43) for more information).

Integrity only

Authenticated ESP using NULL encryption and SHA1 authentication. (this is equivalent to the HP-UX IPSec transform ESP_NULL_HMAC_SHA1) No SA lifetimes are specified, and these settings are compatible with the HP-UX default SA lifetimes (see “IPsec SA Key (Session Key) Lifetime Values” (page 43) for more information).

To use a predefined method, select the appropriate method from the list and click OK to return to the Security Methods tab in the Filter Actions dialog box.

To create a custom method, use the following procedure:

a.Select Custom in the Security Method dialog box, then click Settings to open the Custom Security Method Settings dialog box.

b.In the Custom Security Method Settings dialog box (Figure 10), select the appropriate transform type, algorithms, and session key lifetimes. See “IPsec SA Key (Session Key) Lifetime Values” (page 43) for more information about IPsec session key lifetimes.

Configuring a Windows Host-to-Host Policy 23