![](/images/new-backgrounds/1185792/185792179x1.webp)
DH Group | Group 1 (768 bit) | Must match client PC |
IKE SA Life time | 28800 | Does not have to match client PC. Shorter |
|
| period will be used. |
IKE PFS | Disable | Must match client PC |
IPSec SA Parameters |
| |
IPSec SA Life time | 28800 | Do not have to match. Shorter period will be |
|
| used. |
IPSec PFS | Disable | Must match client PC |
AH authentication | Disabled | AH is rarely used |
ESP authentication | Enable/MD5 | Must match client PC |
ESP encryption | Enable/DES | Must match client PC |
Windows Client Configuration
1.Select Start - Programs - Administrative Tools - Local Security Policy.
2.Right click IP Security Policy on Local Machine and select Create IP Security Policy
Figure 58: Windows 2000/XP - Local Security Settings
3.Click "Next", then enter a policy name, for example "DUT To Win2K", then click "Next".
4.Step through the Wizard:
•Deselect Activate the default response rule. Click "Next",
•Leave Edit Properties checked. Click "Finish".
5.The following "Properties - Rules" screen will be displayed.
86