Dialog Box: Add or Edit Security Method

1. On the Windows Firewall with Advanced Security MMC snap-in page, in Overview, click Windows Firewall Properties.

2. Click the IPsec Settings tab.

3. Under IPsec defaults, click Customize.

4. Under Key exchange (Main Mode), select Advanced, and then click Customize.

5. Under Security methods, select an algorithm combination from the list, and click Edit or Add.

Select one of the following integrity algorithms from the list.

• SHA-384
  
  
• SHA-256
  
  
• SHA-1
  
  
• MD5
  
  

  Caution
  MD5 is no longer considered secure and should only be used for testing purposes or in cases in which the remote computer cannot use a more secure algorithm. It is included for backward compatibility only.

Select one of the following encryption algorithms from the list.

• AES-CBC 256
  
  
• AES-CBC-192
  
  
• AES-CBC-128
  
  
• 3DES
  
  
• DES
  
  

  Caution
  DES is no longer considered secure and should only be used for testing purposes or in cases in which the remote computer cannot use a more secure algorithm. It is included for backward compatibility only.

Select one of the following key exchange algorithms from the list.

• Elliptic Curve Diffie-Hellman P-384
  
  
• Elliptic Curve Diffie-Hellman P-256
  
  
• Diffie-Hellman Group 14
  
  
• Diffie-Hellman Group 2
  
  
• Diffie-Hellman Group 1
  
  

  Caution
  DH1 is no longer considered secure and should only be used for testing purposes or in cases in which the remote computer cannot use a more secure algorithm. It is included for backward compatibility only.

For more information about any of these algorithms, see IPsec Algorithms and Methods Supported in Windows 129230 (http://go.microsoft.com/fwlink/?linkid=129230).