If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
AES support in Windows Vista IPsecurity configuration
I am using Windows vista Enterprise edition. I am trying to configure AES
encryption using IPSEC setting tab in "Widnows Firewall with Advanced Security" tab. I am able to see "AES-128" as an option for Encryption algorithm under "Main Mode" or "Quick Mode" in this menu. The same connection security rules I am trying to configure using Netsh from the command prompt, under IPsec I am unable to select AES as the configuration algorithm for mmsecmethods or qmsec,methods. Only DES or 3DES are the available options. netsh ipsec dynamicadd qmpolicy help Usage: qmpolicy [ name = ] string [ [ soft = ] (yes | no) ] [ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] Adds a quick mode policy to SPD. Parameters: Tag Value name -Name of the quick mode policy. soft -Allow unsecured communication with non-IPsec-aware computers. This takes a value of either `yes' or `no'. pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(default). qmsecmethods -IPsec offer in one of the following formats: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s where ConfAlg can be DES or 3DES or None. where AuthAlg can be MD5 or SHA1 or None. where HashAlg is MD5 or SHA1. where k is lifetime in kilobytes. where s is lifetime in seconds. Remarks: The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples: add qmpolicy name=qmp qmsec="AH[MD5]:10000k/24800s ESP[DES,SHA1]:30000k/300s" netsh ipsec dynamic I need to test with AES as Configuration alg, SHA1 as the Hash algorithm. Is there an option to add AES as the configuation algorithm in Vista using command line? |
Ads |
#2
|
|||
|
|||
AES support in Windows Vista IPsecurity configuration
From: "Preethi" Preethi @discussions.microsoft.com
| I am using Windows vista Enterprise edition. I am trying to configure AES Then post in a Vista related news group, not an XP group. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp |
#3
|
|||
|
|||
AES support in Windows Vista IPsecurity configuration
"Preethi" Preethi @discussions.microsoft.com wrote in message ... I am using Windows vista Enterprise edition. I am trying to configure AES encryption using IPSEC setting tab in "Widnows Firewall with Advanced Security" tab. I am able to see "AES-128" as an option for Encryption algorithm under "Main Mode" or "Quick Mode" in this menu. The same connection security rules I am trying to configure using Netsh from the command prompt, under IPsec I am unable to select AES as the configuration algorithm for mmsecmethods or qmsec,methods. Only DES or 3DES are the available options. netsh ipsec dynamicadd qmpolicy help Usage: qmpolicy [ name = ] string [ [ soft = ] (yes | no) ] [ [ pfsgroup = ] (GRP1 | GRP2 | GRP3 | GRPMM | NOPFS) ] [ [ qmsecmethods = ] (neg#1 neg#2 ... neg#n) ] Adds a quick mode policy to SPD. Parameters: Tag Value name -Name of the quick mode policy. soft -Allow unsecured communication with non-IPsec-aware computers. This takes a value of either `yes' or `no'. pfsgroup -GRP1,GRP2,GRP3,GRPMM,NOPFS(default). qmsecmethods -IPsec offer in one of the following formats: ESP[ConfAlg,AuthAlg]:k/s AH[HashAlg]:k/s AH[HashAlg]+ESP[ConfAlg,AuthAlg]:k/s where ConfAlg can be DES or 3DES or None. where AuthAlg can be MD5 or SHA1 or None. where HashAlg is MD5 or SHA1. where k is lifetime in kilobytes. where s is lifetime in seconds. Remarks: The use of DES and MD5 is not recommended. These cryptographic algorithms are provided for backward compatibility only. Examples: add qmpolicy name=qmp qmsec="AH[MD5]:10000k/24800s ESP[DES,SHA1]:30000k/300s" netsh ipsec dynamic I need to test with AES as Configuration alg, SHA1 as the Hash algorithm. Is there an option to add AES as the configuation algorithm in Vista using command line? Please post in `microsoft.public.windows.vista.security' NG or in a Vista security forum as David Lipman suggests. -- Allan |
Thread Tools | |
Display Modes | |
|
|