Microsoft Knowledge Base Email Alertz
All KB/RSS Links  |  Hot Kb!  |  New Kb!  |  Scott Cate  |  FAQ / KB  |  Web Hosting  |  Unsubscribe  

Routing and Remote Access Services encryption options for the L2TP/IPsec protocol on a Windows Server 2008-based Network Policy Server (NPS)

Search KbAlertz

Advanced Search

Receive Microsoft Knowledge Base articles by E-Mail?

Every night we scan the Microsoft Knowledge Base. If technologies you're interested in are updated, we'll send you an e-mail. You only get one e-mail a day, and only when new articles are added.
Click here to create a
FREE account
Already have an account?
[Click here to Login]











Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
©2005-©2007 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks
Article ID: 954394 - Last Review: July 15, 2008 - Revision: 1.1

Routing and Remote Access Services encryption options for the L2TP/IPsec protocol on a Windows Server 2008-based Network Policy Server (NPS)

View products that this article applies to.

On This Page

INTRODUCTION

This article describes the Routing and Remote Access Services encryption options for the Layer Two Tunneling Protocol with IPsec (L2TP/IPsec) on a Windows Server 2008-based Network Policy Server (NPS) and also how to configure the strongest encryption for an IPsec policy.
Back to the top

MORE INFORMATION

The following are the Routing and Remote Access Services encryption options that are available for L2TP/IPsec.
Back to the top

No encryption

  • ESP SHA1
  • ESP MD5
  • AH SHA1
  • AH MD5
Back to the top

Optional encryption

  • ESP AES_128 SHA
  • ESP 3_DES MD5
  • ESP 3_DES SHA
  • AH SHA1 with ESP AES_128 with null HMAC
  • AH SHA1 with ESP 3_DES with null HMAC
  • AH MD5 with ESP 3_DES with null HMAC, no lifetimes proposed
  • AH SHA1 with ESP 3_DES SHA1, no lifetimes
  • AH MD5 with ESP 3_DES MD5, no lifetimes
  • ESP DES MD5
  • ESP DES SHA1, no lifetimes
  • AH SHA1 with ESP DES null HMAC, no lifetimes proposed
  • AH MD5 with ESP DES null HMAC, no lifetimes proposed
  • AH SHA1 with ESP DES SHA1, no lifetimes
  • AH MD5 with ESP DES MD5, no lifetimes
  • ESP SHA, no lifetimes
  • ESP MD5, no lifetimes
  • AH SHA, no lifetimes
  • AH MD5, no lifetimes
Back to the top

Requires encryption

  • ESP AES_128 SHA
  • ESP 3_DES MD5
  • ESP 3_DES SHA
  • AH SHA1 with ESP AES_128 with null HMAC
  • AH SHA1 with ESP 3_DES with null HMAC
  • AH MD5 with ESP 3_DES with null HMAC, no lifetimes proposed
  • AH SHA1 with ESP 3_DES SHA1, no lifetimes
  • AH MD5 with ESP 3_DES MD5, no lifetimes
  • ESP DES MD5
  • ESP DES SHA1, no lifetimes
  • AH SHA1 with ESP DES null HMAC, no lifetimes proposed
  • AH MD5 with ESP DES null HMAC, no lifetimes proposed
  • AH SHA1 with ESP DES SHA1, no lifetimes
  • AH MD5 with ESP DES MD5, no lifetimes
Back to the top

Strong encryption

  • ESP AES_256 SHA, no lifetimes
  • ESP 3_DES MD5, no lifetimes
  • ESP 3_DES SHA, no lifetimes
  • AH SHA1 with ESP AES_256 with null HMAC, no lifetimes proposed
  • AH SHA1 with ESP 3_DES with null HMAC, no lifetimes proposed
  • AH MD5 with ESP 3_DES with null HMAC, no lifetimes proposed
  • AH SHA1 with ESP 3_DES SHA1, no lifetimes
  • AH MD5 with ESP 3_DES MD5, no lifetimes
Back to the top

Strongest encryption

  • ESP AES_256 SHA, no lifetimes
  • ESP 3_DES MD5, no lifetimes
  • ESP 3_DES SHA, no lifetimes
  • AH SHA1 with ESP AES_256 with null HMAC, no lifetimes proposed
  • AH SHA1 with ESP 3_DES with null HMAC, no lifetimes proposed
  • AH MD5 with ESP 3_DES with null HMAC, no lifetimes proposed
  • AH SHA1 with ESP 3_DES SHA1, no lifetimes
  • AH MD5 with ESP 3_DES MD5, no lifetimes
Back to the top

How to configure the strongest encryption for an IPsec policy

To configure the strongest encryptions for an IPsec policy, follow these steps:
  1. Start the Network Policy Server (NPS) console. To do this, click Start, type Network Policy Server in the Start Search box, and then click Network Policy Server.
  2. Under NPS(Local), expand Policies, click Network Policies in the left navigation pane, and then select the relevant policy in the right navigation pane.
  3. Double-click the policy, and then click the Settings tab.
  4. In the Settings area, click Encryption under Routing and Remote Access.
  5. Click to select the Strongest encryption (MPPE 128-bit) check box.
  6. Click Apply, and then click OK to apply the strongest encryption.
Back to the top
APPLIES TO
  • Windows Server 2008 Datacenter without Hyper-V
  • Windows Server 2008 Enterprise without Hyper-V
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 Standard without Hyper-V
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
Back to the top
Keywords: 
kbexpertiseinter kbinfo kbhowto KB954394
Back to the top
        

Community Feedback System

Very often, it takes hours to solve a problem. Very often, you've looked high and low, and have tried a lot of solutions. When you finally found it, chances are, it was because someone else helped you. Here's your chance to give back. Use our community feedback tool to let others know what worked for you and what didn't.

Please also understand that the community feedback system is not warranted to be correct, it's simply a system that we've built to let people try and help each other. If something in a feedback response doesn't make sense to you, or you're not comfortable making changes that the feedback talks about (like registry edits), please consult a professional.

Thank you for using kbAlertz.com Feedback System.

-- Scott Cate

Copyright © 2002-2007 KBALERTZ.COM.  All Rights Reserved. Terms / PrivacyDiscount ASP.NET Hosting