HP UX IPSec Software manual 4

This section describes how to configure Windows IKE algorithms using the Windows Firewall with Advanced Security MMC. You can also use the Windows netsh advfirewall set global mainmode command to configure IKE algorithms.

For information on how to configure IKE algorithms on HP-UX systems, see “IKE default algorithms.”

Use the following procedure to configure Windows IKE algorithms using the Windows Firewall with Advanced Security MMC:

1.Select Control Panel -> Administrative Tools -> Windows Firewall with Advanced Security on Local Computer to start the Windows firewall MMC.

2.Select Properties in the right menu. In the Properties dialog box, click the IPsec Settings tab.

3.In the IPsec defaults section, click Customize.

The MMC opens the Customize IPsec Settings dialog box.

4.In the Key exchange (Main Mode) section, select Advanced. Click Customize.

The MMC opens the Customize Advanced Key Exchange Settings dialog box.

5.In the Security methods section, click Add.

The MMC opens the Security Method dialog box.

6.In the Encryption algorithm section, select an IKE encryption algorithm, such as 3DES. In the Integrity algorithm section, select the IKE hash algorithm, such as MD5.

7.Click OK to close the Security Method dialog box.

Click OK to close the Customize Advanced Key Exchange Settings dialog box. Click OK to close the Customize IPsec Settings dialog box.

Click OK to close the Properties dialog box.

Configuring connection security rules

This section describes two methods to configure connection security rules on Microsoft Windows Vista and Windows 2008 systems:

Using the Windows Firewall with Advanced Security Microsoft Management Console (MMC) snap- in. The Firewall MMC provides a GUI that enables you to configure a connection security rule for all packets between IP addresses, regardless of protocols and port numbers. It does not allow you to specify protocols or port numbers for the filter.

Using the Microsoft netsh advfirewall consec command. This command enables you to create a connection security rule that includes protocol and ports in the filter.

Using the Windows Firewall MMC to configure connection security rules

Use the following procedure to use the Windows Firewall with Advanced Security MMC to configure a connection security rule:

1.Select Control Panel -> Administrative Tools -> Windows Firewall with Advanced Security on Local Computer to start the Windows firewall MMC.

2.Select Connection Security Rules in the left menu.

4