Routing and Remote Access Services encryption options for the L2TP/IPsec protocol on a Windows Server 2008-based Network Policy Server (NPS)

Routing and Remote Access Services encryption options for the L2TP/IPsec protocol on a Windows Server 2008-based Network Policy Server (NPS)

Article ID : 954394
Last Review : July 15, 2008
Revision : 1.0
On This Page

INTRODUCTION

This article describes the Routing and Remote Access Services encryption options for the Layer Two Tunneling Protocol with IPsec (L2TP/IPsec) on a Windows Server 2008-based Network Policy Server (NPS) and also how to configure for the strongest encryption.

Back to the top

MORE INFORMATION

The following are the Routing and Remote Access Services encryption options that are available for L2TP/IPsec.

Back to the top

No encryption

• ESP SHA1
• ESP MD5
• AH SHA1
• AH MD5

Back to the top

Optional encryption

• ESP AES_128 SHA
• ESP 3_DES MD5
• ESP 3_DES SHA
• AH SHA1 with ESP AES_128 with null HMAC
• AH SHA1 with ESP 3_DES with null HMAC
• AH MD5 with ESP 3_DES with null HMAC, no lifetimes proposed
• AH SHA1 with ESP 3_DES SHA1, no lifetimes
• AH MD5 with ESP 3_DES MD5, no lifetimes
• ESP DES MD5
• ESP DES SHA1, no lifetimes
• AH SHA1 with ESP DES null HMAC, no lifetimes proposed
• AH MD5 with ESP DES null HMAC, no lifetimes proposed
• AH SHA1 with ESP DES SHA1, no lifetimes
• AH MD5 with ESP DES MD5, no lifetimes
• ESP SHA, no lifetimes
• ESP MD5, no lifetimes
• AH SHA, no lifetimes
• AH MD5, no lifetimes

Back to the top

Requires encryption

• ESP AES_128 SHA
• ESP 3_DES MD5
• ESP 3_DES SHA
• AH SHA1 with ESP AES_128 with null HMAC
• AH SHA1 with ESP 3_DES with null HMAC
• AH MD5 with ESP 3_DES with null HMAC, no lifetimes proposed
• AH SHA1 with ESP 3_DES SHA1, no lifetimes
• AH MD5 with ESP 3_DES MD5, no lifetimes
• ESP DES MD5
• ESP DES SHA1, no lifetimes
• AH SHA1 with ESP DES null HMAC, no lifetimes proposed
• AH MD5 with ESP DES null HMAC, no lifetimes proposed
• AH SHA1 with ESP DES SHA1, no lifetimes
• AH MD5 with ESP DES MD5, no lifetimes

Back to the top

Strong encryption

• ESP AES_256 SHA, no lifetimes
• ESP 3_DES MD5, no lifetimes
• ESP 3_DES SHA, no lifetimes
• AH SHA1 with ESP AES_256 with null HMAC, no lifetimes proposed
• AH SHA1 with ESP 3_DES with null HMAC, no lifetimes proposed
• AH MD5 with ESP 3_DES with null HMAC, no lifetimes proposed
• AH SHA1 with ESP 3_DES SHA1, no lifetimes
• AH MD5 with ESP 3_DES MD5, no lifetimes

Back to the top

Strongest encryption

• ESP AES_256 SHA, no lifetimes
• ESP 3_DES MD5, no lifetimes
• ESP 3_DES SHA, no lifetimes
• AH SHA1 with ESP AES_256 with null HMAC, no lifetimes proposed
• AH SHA1 with ESP 3_DES with null HMAC, no lifetimes proposed
• AH MD5 with ESP 3_DES with null HMAC, no lifetimes proposed
• AH SHA1 with ESP 3_DES SHA1, no lifetimes
• AH MD5 with ESP 3_DES MD5, no lifetimes

Back to the top

How to configure the strongest encryption for an IPsec policy

To configure the strongest encryptions for an IPsec policy, follow these steps:

1. Start the Network Policy Server (NPS) console. To do this, click Start, type Network Policy Server in the Start Search box, and then click Network Policy Server.
2. Under NPS(Local), expand Policies, click Network Policies in the left navigation pane, and then select the relevant policy in the right navigation pane.
3. Double-click the policy, and then click the Settings tab.
4. In the Settings area, click Encryption under Routing and Remote Access.
5. Click to select the Strongest encryption (MPPE 128-bit) check box.
6. Click Apply, and then click OK to apply the strongest encryption.

Back to the top


APPLIES TO
• Windows Server 2008 Datacenter without Hyper-V
• Windows Server 2008 Enterprise without Hyper-V
• Windows Server 2008 for Itanium-Based Systems
• Windows Server 2008 Standard without Hyper-V
• Windows Server 2008 Datacenter
• Windows Server 2008 Enterprise
• Windows Server 2008 Standard

Back to the top

Keywords: 
kbexpertiseinter kbinfo kbhowto KB954394

Back to the top

 

Microsoft Knowledge Base Article

This article contents is Microsoft Copyrighted material.
Microsoft Corporation. All rights reserved. Terms of Use | Trademarks


You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

AddThis Social Bookmark Button

Leave a Reply

*
To prove that you're not a bot, enter this code
Anti-Spam Image