Export (0) Print
Expand All
Expand Minimize

Set-VpnServerConfiguration

Windows Server 2012 R2 and Windows 8.1

Updated: October 17, 2013

Applies To: Windows 8.1, Windows PowerShell 4.0, Windows Server 2012 R2

Set-VpnServerConfiguration

Configures VPN server properties.

Syntax

Parameter Set: EncryptionType
Set-VpnServerConfiguration [-AsJob] [-CimSession <CimSession[]> ] [-EncryptionType <String> ] [-IdleDisconnectSeconds <UInt32> ] [-Ikev2Ports <UInt32> ] [-L2tpPorts <UInt32> ] [-PassThru] [-SADataSizeForRenegotiationKilobytes <UInt32> ] [-SALifeTimeSeconds <UInt32> ] [-SstpPorts <UInt32> ] [-ThrottleLimit <Int32> ] [-TunnelType <TunnelType> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: CustomPolicy
Set-VpnServerConfiguration -CustomPolicy [-AsJob] [-AuthenticationTransformConstants <AuthenticationTransformConstants> ] [-CimSession <CimSession[]> ] [-CipherTransformConstants <CipherTransformConstants> ] [-DHGroup <DHGroup> ] [-EncryptionMethod <EncryptionMethod> ] [-IdleDisconnectSeconds <UInt32> ] [-Ikev2Ports <UInt32> ] [-IntegrityCheckMethod <IntegrityCheckMethod> ] [-L2tpPorts <UInt32> ] [-PassThru] [-PfsGroup <PfsGroup> ] [-SADataSizeForRenegotiationKilobytes <UInt32> ] [-SALifeTimeSeconds <UInt32> ] [-SstpPorts <UInt32> ] [-ThrottleLimit <Int32> ] [-TunnelType <TunnelType> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: RevertToDefault
Set-VpnServerConfiguration -RevertToDefault [-AsJob] [-CimSession <CimSession[]> ] [-PassThru] [-ThrottleLimit <Int32> ] [-TunnelType <TunnelType> ] [-Confirm] [-WhatIf] [ <CommonParameters>]




Detailed Description

The Set-VpnServerConfiguration cmdlet configures virtual private network (VPN) server properties. The cmdlet modifies settings for a Routing and Remote Access service (RRAS) server for incoming server-to-server protocol (S2S protocol) VPN interfaces.

You can configure the size and duration of a security association (SA), and specify an idle disconnect time.

Specify an encryption type by using the EncryptionType parameter

Create a custom policy by specifying the CustomPolicy parameter. You can specify a tunnel type and how many ports to create for different tunnel types. You can also specify cipher transform constants, Diffie-Hellman (DH) group, encryption method, integrity method, and perfect forward secrecy (PFS) group.

Change the settings back to default values by using the RevertToDefault parameter.

Parameters

-AsJob

Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete. The cmdlet immediately returns an object that represents the job and then displays the command prompt. You can continue to work in the session while the job completes. To manage the job, use the *-Job cmdlets. To get the job results, use the Receive-Job cmdlet. For more information about Windows PowerShell® background jobs, see about_Jobs.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-AuthenticationTransformConstants<AuthenticationTransformConstants>

Specifies authentication transform constants. The acceptable values for this parameter are: 

-- SHA256128
-- MD596
-- SHA196
-- GCMAES128
-- GCMAES192
-- GCMAES256
-- None


Aliases

FirstTransformType

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-CimSession<CimSession[]>

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.


Aliases

Session

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-CipherTransformConstants<CipherTransformConstants>

Specifies cipher transform constants. The acceptable values for this parameter are: 

-- DES
-- DES3
-- AES128
-- AES192
-- AES256
-- GCMAES128
-- GCMAES192
-- GCMAES256
-- None


Aliases

FirstCipherAlgorithm,OtherCipherAlgorithm

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-CustomPolicy

Indicates that the cmdlet sets custom Internet Key Exchange (IKE) Internet Protocol security (IPsec) policies.


Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-DHGroup<DHGroup>

Specifies a DH group. The server uses this value to generate IKE keys. The acceptable values for this parameter are: 

-- Group1
-- Group2
-- Group14
-- ECP256
-- ECP384
-- Group24
-- None


Aliases

none

Required?

false

Position?

named

Default Value

2

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-EncryptionMethod<EncryptionMethod>

Specifies an encryption method. The server uses this encryption method to generate IKE keys. The acceptable values for this parameter are: 

-- DES
-- DES3
-- AES128
-- AES192
-- AES256


Aliases

Encryption

Required?

false

Position?

named

Default Value

4

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-EncryptionType<String>

Specifies the type of encryption. The acceptable values for this parameter are: 

-- NoEncryption
-- RequireEncryption
-- OptionalEncryption
-- MaximumEncryption


Aliases

none

Required?

false

Position?

named

Default Value

OptionalEncryption

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-IdleDisconnectSeconds<UInt32>

Specifies amount of time, in seconds, after which the server disconnects an idle connection.


Aliases

IdleDurationSeconds

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-Ikev2Ports<UInt32>

Specifies the number of ports to create for IKE version 2.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-IntegrityCheckMethod<IntegrityCheckMethod>

Specify the integrity check method for IPsec. The acceptable values for this parameter are: 

-- MD5
-- SHA1
-- SHA256
-- SHA384


Aliases

FirstIntegrityAlgorithm,OtherHashAlgorithm

Required?

false

Position?

named

Default Value

2

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-L2tpPorts<UInt32>

Specifies the number of ports to create for Layer Two Tunneling Protocol (L2TP).


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-PfsGroup<PfsGroup>

Specifies the PFS group. The acceptable values for this parameter are: 

-- PFS1
-- PFS2
-- PFS2048
-- ECP256
-- ECP384
-- PFSMM
-- PFS24
-- None


Aliases

PfsGroupId

Required?

false

Position?

named

Default Value

3

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-RevertToDefault

Indicates that the cmdlet sets IPsec properties to their default values.


Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-SADataSizeForRenegotiationKilobytes<UInt32>

Specifies the amount of data, in kilobytes, to transfer using a particular SA. When data transfer reaches this limit, the server renegotiates the SA.


Aliases

LifeTimeKiloBytes

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-SALifeTimeSeconds<UInt32>

Specifies the length of time, in seconds, of an SA. After this interval, the SA becomes invalid.


Aliases

LifeTimeSeconds

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-SstpPorts<UInt32>

Specifies the number of ports to create for Secure Socket Tunneling Protocol (SSTP).


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ThrottleLimit<Int32>

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-TunnelType<TunnelType>

Specifies a tunnel type. The custom policy applies to this type of tunnel. The acceptable values for this parameter are: 

-- PPTP. Point-to-Point Tunneling Protocol.
-- L2TP. Layer Two Tunneling Protocol.
-- SSTP. Secure Socket Tunneling Protocol.
-- IKEv2. Internet Key Exchange version 2.
-- Automatic.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-Confirm

Prompts you for confirmation before running the cmdlet.


Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.


Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters.

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

Outputs

The output type is the type of the objects that the cmdlet emits.

  • Microsoft.Management.Infrastructure.CimInstance#VpnServerIPsecConfiguration

Examples

Example 1: Change the idle disconnect time

This command changes the idle disconnect time to 1000 seconds for the VPN server. The command includes the PassThru parameter, so the command sends a VpnServerIPsecConfiguration object to the console.


PS C:\> Set-VpnServerConfiguration -IdleDisconnectSeconds 1000 -PassThru
WARNING: Configuration parameters will be modified after the Remote Access service is restarted.
EncryptionType : OptionalEncryption

Ikev2Ports : 5

IdleDisconnect(s) : 1000

L2tpPorts : 5

SADataSizeForRenegotiation(KB) : 102400

SALifeTime(s) : 28800

Example 2: Configure a custom IPsec policy

This command configures a custom IPsec policy for incoming VPN connections and S2S protocol VPN connections that do not use a pre-shared key as an authentication method.


PS C:\> Set-VpnServerConfiguration -CustomPolicy -AuthenticationTransformConstants "SHA256128" -CipherTransformConstants "AES128" -DHhGroup "Group2" -EncryptionMethod "AES128" -IntegrityCheckMethod "SHA256" -PassThru -PfsGroup "PFS2"
WARNING: Configuration parameters will be modified after the Remote Access service is restarted.

AuthenticationTransformConstants : SHA256128

CipherTransformConstants : AES128

CustomPolicy : True

DHGroup : Group2

EncryptionMethod : AES128

Ikev2Ports : 5

IdleDisconnect(s) : 1000

IntegrityCheckMethod : SHA256

L2tpPorts : 5

PFSgroup : PFS2

SADataSizeForRenegotiation(KB) : 102400

SALifeTime(s) : 28800

Related topics

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft