General IPSec Policy Settings
Updated: January 21, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
General IPSec policy settings
The general settings for an IPSec policy consist of the following types:
The name for the policy.
Optional text that describes the purpose of the IPSec policy. It is recommended that you complete and update this description to provide a summary of the settings and rules for the policy.
Policy change poll interval
The number of minutes between consecutive polls for changes in Active Directory-based IPSec policies. This polling does not detect a change in domain or organizational unit membership, or the assigning or unassigning of a new policy. These events are detected when the Winlogon service polls for changes in Group Policy, which occurs by default every 90 minutes.
Key exchange settings
The way in which new keys are derived and how often they are renewed.
Key exchange methods
The ways in which identities are protected during the key exchange.
The default key exchange settings and methods are configured to work for most IPSec deployments. Unless there are special security requirements, default settings should not have to be changed.