Set-VpnConnectionIPsecConfiguration
Set-VpnConnectionIPsecConfiguration
Sets the IPsec parameters of a VPN connection.
Syntax
Parameter Set: Default
Set-VpnConnectionIPsecConfiguration [-ConnectionName] <String> [-RevertToDefault] [-AllUserConnection] [-AsJob] [-CimSession <CimSession[]> ] [-Force] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: CustomPolicy
Set-VpnConnectionIPsecConfiguration [-ConnectionName] <String> [-AuthenticationTransformConstants] <AuthenticationTransformConstants> [-CipherTransformConstants] <CipherTransformConstants> [-DHGroup] <DHGroup> [-EncryptionMethod] <EncryptionMethod> [-IntegrityCheckMethod] <IntegrityCheckMethod> [-PfsGroup] <PfsGroup> [-AllUserConnection] [-AsJob] [-CimSession <CimSession[]> ] [-Force] [-PassThru] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Detailed Description
The Set-VpnConnectionIpsecConfiguration cmdlet sets the IPsec parameters of a VPN connection. The settings apply only to IKEv2 and L2TP VPN connections.
Parameters
-AllUserConnection
Indicates that the VPN connection being modified is in the global phone book.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-AsJob
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-AuthenticationTransformConstants<AuthenticationTransformConstants>
Specifies authentication header (AH) transform in the IPsec policy. For more information, see Set-VpnServerIPsecConfiguration. Acceptable values for this parameter are:
-- MD596
-- SHA196
-- SHA256128
-- GCMAES128
-- GCMAES192
-- GCMAES256
-- None
Aliases |
none |
Required? |
true |
Position? |
3 |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-CimSession<CimSession[]>
Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.
Aliases |
Session |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-CipherTransformConstants<CipherTransformConstants>
Specifies Encapsulating Security Payload (ESP) cipher transform in the IPsec policy. Acceptable values for this parameter are:
-- DES
-- DES3
-- AES128
-- AES192
-- AES256
-- GCMAES128
-- GCMAES192
-- GCMAES256
-- None
Aliases |
none |
Required? |
true |
Position? |
4 |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-ConnectionName<String>
Specifies the name of a VPN connection profile to modify. To view existing VPN connection profiles, use the Get-VpnConnection cmdlet.
Aliases |
Name |
Required? |
true |
Position? |
2 |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-DHGroup<DHGroup>
Specifies the Diffie-Hellman (DH) Group to use during IKE key exchanges. Acceptable values for this parameter are:
-- None
-- Group1
-- Group2
-- Group14
-- ECP256
-- ECP384
-- Group24
Aliases |
none |
Required? |
true |
Position? |
5 |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-EncryptionMethod<EncryptionMethod>
Specifies the encryption method. Acceptable values for this parameter are:
-- DES
-- DES3
-- AES128
-- AES192
-- AES256
Aliases |
none |
Required? |
true |
Position? |
6 |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-Force
Performs the action without a confirmation message.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-IntegrityCheckMethod<IntegrityCheckMethod>
Specifies the integrity check method used to protect data from tampering. Acceptable values for this parameter are:
-- MD5
-- SHA196
-- SHA256
-- SHA384
Aliases |
none |
Required? |
true |
Position? |
7 |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-PassThru
Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output. If you specify this parameter, the cmdlet returns the VpnConnection object that contains the VpnConnection configuration settings.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-PfsGroup<PfsGroup>
Specifies the Perfect Forwarding Secrecy (PFS) Group in the IPsec policy. Acceptable values for this parameter are:
-- None
-- PFS1
-- PFS2
-- PFS2048
-- ECP256
-- ECP384
-- PFSMM
-- PFS24
Aliases |
none |
Required? |
true |
Position? |
8 |
Default Value |
none |
Accept Pipeline Input? |
True (ByPropertyName) |
Accept Wildcard Characters? |
false |
-RevertToDefault
Indicates that the cmdlet sets the IPsec parameters to the default values.
Aliases |
none |
Required? |
true |
Position? |
3 |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-ThrottleLimit<Int32>
Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-Confirm
Prompts you for confirmation before running the cmdlet.
Required? |
false |
Position? |
named |
Default Value |
false |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? |
false |
Position? |
named |
Default Value |
false |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
Outputs
The output type is the type of the objects that the cmdlet emits.
- Microsoft.Management.Infrastructure.CimInstance#VpnConnectionIPsecConfiguration
Examples
Example 1: Set the IPsec configuration for an IKEv2 tunnel
This example sets the IPsec configuration for a VPN connection using IKEv2.
The first command uses the Add-VpnConnection cmdlet to add a VPN connection on the server with the address 176.16.1.2. The cmdlet specifies an IKEv2 tunnel.
The second command uses the Set-VpnConnectionIPsecConfiguration cmdlet to set the configuration by using the ConnectionName parameter. The command also specifies values for the CipherTransformConstants, EncryptionMethod, IntegrityCheckMethod, and DHGroup parameters.
PS C:\> Add-VpnConnection -Name "Contoso" -ServerAddress 176.16.1.2 -TunnelType Ikev2
PS C:\> Set-VpnConnectionIPsecConfiguration -ConnectionName "Contoso" -AuthenticationTransformConstants None -CipherTransformConstants AES256 -EncryptionMethod AES256 -IntegrityCheckMethod SHA384 -PfsGroup None -DHGroup ECP384 -PassThru -Force
Example 2: Set the IPsec configuration for an L2TP tunnel
This example sets the IPsec configuration for an L2TP tunnel.
The first command uses the Add-VpnConnection cmdlet to add a VPN connection on the server with the address 176.16.1.2. The command also specifies an L2TP tunnel.
The second command uses the Set-VpnConnectionIPsecConfiguration cmdlet to set the configuration. The command also specifies values for the CipherTransformConstants, EncryptionMethod, IntegrityCheckMethod, and DHGroup parameters.
PS C:\> Add-VpnConnection -Name "Contoso" -ServerAddress 176.16.1.2 -TunnelType L2tp
PS C:\> Set-VpnConnectionIPsecConfiguration -ConnectionName "Contoso" -AuthenticationTransformConstants None -CipherTransformConstants AES128 -EncryptionMethod AES128 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup ECP256 -PassThru -Force
Example 3: Set the IPsec configuration for an IKEv2 tunnel with 128-bit data blocks
This example sets the IPsec configuration for an IKEv2 tunnel with authentication transform constants.
The first command uses the Add-VpnConnection cmdlet to add a VPN connection on the server with the address 176.16.1.2. The cmdlet specifies an IKEv2 tunnel.
The second command uses the Set-VpnConnectionIPsecConfiguration cmdlet to set the configuration. The command also specifies values for the CipherTransformConstants, EncryptionMethod, IntegrityCheckMethod, and DHGroup parameters, as well as specifying a value for the AuthenticationTransformConstants parameter.
PS C:\> Add-VpnConnection -Name "Contoso" -ServerAddress 176.16.1.2 -TunnelType Ikev2
PS C:\> Set-VpnConnectionIPsecConfiguration -ConnectionName "Contoso" -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants None -EncryptionMethod AES128 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup ECP256 -PassThru -Force
Example 4: Set the IPsec configuration for an IKEv2 tunnel with 256-bit data blocks
This example sets the IPsec configuration for an IKEv2 tunnel, and specifies authentication transform constants.
The first command uses the Add-VpnConnection cmdlet to add a VPN connection on the server with the address 176.16.1.2. The cmdlet specifies an IKEv2 tunnel.
The second command uses the Set-VpnConnectionIPsecConfiguration cmdlet to set the configuration. The command also specifies values for the CipherTransformConstants, EncryptionMethod, IntegrityCheckMethod, and DHGroup parameters, as well as specifying a value for the AuthenticationTransformConstants parameter.
PS C:\> Add-VpnConnection -Name "Contoso" -ServerAddress 176.16.1.2 -TunnelType Ikev2
PS C:\> Set-VpnConnectionIPsecConfiguration -ConnectionName "Contoso" -AuthenticationTransformConstants GCMAES256 -CipherTransformConstants None -EncryptionMethod AES256 -IntegrityCheckMethod SHA384 -PfsGroup None -DHGroup ECP384 -PassThru -Force
Related topics
Set-VpnServerIPsecConfiguration