Configuring Microsoft Windows Vista and Windows Server 2008 to Operate with HP-UX IPSec

This section describes how to configure Windows IKE algorithms using the Windows Firewall with
Advanced Security MMC. You can also use the Windows netsh advfirewall set global
mainmode command to configure IKE algorithms.
For information on how to configure IKE algorithms on HP-UX systems, see “IKE default algorithms.”
Use the following procedure to configure Windows IKE algorithms using the Windows Firewall with
Advanced Security MMC:
1. Select Control Panel -> Administrative Tools -> Windows Firewall with Advanced Security on Local
Computer to start the Windows firewall MMC.
2. Select Properties in the right menu. In the Properties dialog box, click the IPsec Settings tab.
3. In the IPsec defaults section, click Customize.
The MMC opens the Customize IPsec Settings dialog box.
4. In the Key exchange (Main Mode) section, select Advanced.
Click Customize.
The MMC opens the Customize Advanced Key Exchange Settings dialog box.
5. In the Security methods section, click Add.
The MMC opens the Security Method dialog box.
6. In the Encryption algorithm section, select an IKE encryption algorithm, such as 3DES.
In the Integrity algorithm section, select the IKE hash algorithm, such as MD5.
7. Click OK to close the Security Method dialog box.
Click OK to close the Customize Advanced Key Exchange Settings dialog box.
Click OK to close the Customize IPsec Settings dialog box.
Click OK to close the Properties dialog box.
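
The same Main Mode settings can be applied with the netsh advfirewall set global mainmode command mentioned at the start of this section. The following is an added example, not taken from the HP documentation; the dhgroup2 key-exchange group and the AES128/SHA1 alternative are assumptions, since the procedure above names only 3DES and MD5.

```powershell
# Added example (not from the HP document). Run from an elevated PowerShell prompt.
# Assumptions: DH group 2 for key exchange; English-language netsh output.

# Proposal string format: <dhgroup>:<encryption>-<integrity>
# The page's example choices, 3DES with MD5:
$proposals = 'dhgroup2:3des-md5'

# Alternative (assumes the HP-UX IKE policy also accepts AES128 and SHA1):
# proposals are comma-separated and offered in the order listed.
# $proposals = 'dhgroup2:aes128-sha1,dhgroup2:3des-md5'

# Show the Main Mode methods in effect before the change.
netsh advfirewall show global | Select-String 'SecMethods'

# Apply the new Main Mode (IKE) security methods.
netsh advfirewall set global mainmode mmsecmethods $proposals
if ($LASTEXITCODE -ne 0) {
    throw "netsh rejected the proposal list '$proposals'"
}

# Confirm: the SecMethods line should now list the proposals set above.
netsh advfirewall show global | Select-String 'SecMethods'
```

At least one proposal in the list must match the IKE encryption and hash algorithms configured on the HP-UX system, or the Main Mode negotiation fails.
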
Configuring connection security rules
This section describes two methods to configure connection security rules on Microsoft Windows Vista
and Windows 2008 systems:
• Using the Windows Firewall with Advanced Security Microsoft Management Console (MMC) snap-in.
  The Firewall MMC provides a GUI that enables you to configure a connection security rule for
  all packets between IP addresses, regardless of protocols and port numbers. It does not allow you
  to specify protocols or port numbers for the filter.
• Using the Microsoft netsh advfirewall consec command. This command enables you to
  create a connection security rule that includes protocol and ports in the filter.
Using the Windows Firewall MMC to configure connection security rules
Use the following procedure to use the Windows Firewall with Advanced Security MMC to configure
a connection security rule:
1. Select Control Panel -> Administrative Tools -> Windows Firewall with Advanced Security on Local
Computer to start the Windows firewall MMC.
2. Select Connection Security Rules in the left menu.