Export (0) Print
Expand All
Expand Minimize
This topic has not yet been rated - Rate this topic

Set-VpnServerIPsecConfiguration

Windows Server 2012 and Windows 8

Updated: August 15, 2012

Applies To: Windows Server 2012

Set-VpnServerIPsecConfiguration

Sets the IPsec parameters for a site-to-site (S2S) server.

Syntax

Parameter Set: EncryptionType
Set-VpnServerIPsecConfiguration [-AsJob] [-CimSession <CimSession[]> ] [-EncryptionType <String> ] [-IdleDisconnectSeconds <UInt32> ] [-Ikev2Ports <UInt32> ] [-L2tpPorts <UInt32> ] [-PassThru] [-SADataSizeForRenegotiationKilobytes <UInt32> ] [-SALifeTimeSeconds <UInt32> ] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]

Parameter Set: CustomPolicy
Set-VpnServerIPsecConfiguration -CustomPolicy [-AsJob] [-AuthenticationTransformConstants <AuthenticationTransformConstants> ] [-CimSession <CimSession[]> ] [-CipherTransformConstants <CipherTransformConstants> ] [-DHGroup <DHGroup> ] [-EncryptionMethod <EncryptionMethod> ] [-IdleDisconnectSeconds <UInt32> ] [-Ikev2Ports <UInt32> ] [-IntegrityCheckMethod <IntegrityCheckMethod> ] [-L2tpPorts <UInt32> ] [-PassThru] [-PfsGroup <PfsGroup> ] [-SADataSizeForRenegotiationKilobytes <UInt32> ] [-SALifeTimeSeconds <UInt32> ] [-ThrottleLimit <Int32> ] [-Confirm] [-WhatIf] [ <CommonParameters>]




Detailed Description

The Set-VpnServerIPsecConfiguration cmdlet configures IPsec properties on Routing and Remote Access (RRAS) server for incoming site-to-site (S2S) VPN interfaces. If the CustomPolicy parameter is specified, then IPsec parameters can be customized.

Parameters

-AsJob

Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete. The cmdlet immediately returns an object that represents the job and then displays the command prompt. You can continue to work in the session while the job completes. To manage the job, use the *-Job cmdlets. To get the job results, use the Receive-Job cmdlet. For more information about Windows PowerShell® background jobs, see about_Jobs.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-AuthenticationTransformConstants<AuthenticationTransformConstants>

Specifies the authentication transform in the IPsec policy.


Aliases

none

Required?

false

Position?

named

Default Value

2

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-CimSession<CimSession[]>

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-CipherTransformConstants<CipherTransformConstants>

Specifies the cipher in the IPsec policy.


Aliases

none

Required?

false

Position?

named

Default Value

1

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-CustomPolicy

Specifies the custom IKE IPsec policies.


Aliases

none

Required?

true

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-DHGroup<DHGroup>

Specifies the Diffie-Hellman (DH) group in the IPsec policy.


Aliases

none

Required?

false

Position?

named

Default Value

2

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-EncryptionMethod<EncryptionMethod>

Specifies the encryption method in the IKE policy.


Aliases

none

Required?

false

Position?

named

Default Value

4

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-EncryptionType<String>

Specifies the type of encryption.


Aliases

none

Required?

false

Position?

named

Default Value

OptionalEncryption

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-IdleDisconnectSeconds<UInt32>

Specifies the time, in seconds, after which an idle connection is disconnected. Unless the idle time-out is Disabled, the entire connection is disconnected if the connection is idle for the specified interval.


Aliases

none

Required?

false

Position?

named

Default Value

300

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-Ikev2Ports<UInt32>

Specifies the number of IKEv2 ports to create.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-IntegrityCheckMethod<IntegrityCheckMethod>

Specifies the integrity method in the IPsec policy.


Aliases

none

Required?

false

Position?

named

Default Value

2

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-L2tpPorts<UInt32>

Specifies the number of L2TP ports to create.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-PfsGroup<PfsGroup>

Specifies the perfect forward secrecy (PFS) group in the IPsec policy.


Aliases

none

Required?

false

Position?

named

Default Value

3

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-SADataSizeForRenegotiationKilobytes<UInt32>

Specifies the number of kilobytes that are allowed to transfer using a security association (SA). After that the SA will be renegotiated.


Aliases

none

Required?

false

Position?

named

Default Value

10000

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-SALifeTimeSeconds<UInt32>

Specifies the lifetime of a SA in seconds, after which the SA is no longer valid.


Aliases

none

Required?

false

Position?

named

Default Value

7200

Accept Pipeline Input?

True (ByPropertyName)

Accept Wildcard Characters?

false

-ThrottleLimit<Int32>

Specifies the maximum number of concurrent operations that can be established to run the cmdlet. If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer. The throttle limit applies only to the current cmdlet, not to the session or to the computer.


Aliases

none

Required?

false

Position?

named

Default Value

none

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-Confirm

Prompts you for confirmation before running the cmdlet.


Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.


Required?

false

Position?

named

Default Value

false

Accept Pipeline Input?

false

Accept Wildcard Characters?

false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see    about_CommonParameters.

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

  • None

Outputs

The output type is the type of the objects that the cmdlet emits.

  • Microsoft.Management.Infrastructure.CimInstance#VpnServerIPsecConfiguration

    The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The path after the pound sign (#) provides the namespace and class name for the underlying WMI object.


Examples

EXAMPLE 1

This example modifies the number of seconds to idle before disconnecting for the VPN server.


PS C:\> Set-VpnServerIPsecConfiguration –IdleDisconnectSeconds 1000 -PassThru
WARNING: Configuration parameters will be modified after the Remote Access service is restarted. 
 
EncryptionType                 : OptionalEncryption 
Ikev2Ports                     : 5 
IdleDisconnect(s)              : 1000 
L2tpPorts                      : 5 
SADataSizeForRenegotiation(KB) : 102400 
SALifeTime(s)                  : 28800 

EXAMPLE 2

This example sets a custom IPsec policy for incoming VPN connections and S2S VPN connections for which the authentication method is not PSK.


PS C:\> Set-VpnServerIPsecConfiguration -CustomPolicy -EncryptionMethod "AES128" -DhGroup "Group2" -PfsGroup "PFS2" -CipherTransformConstants "AES128" -IntegrityCheckMethod "SHA256" -AuthenticationTransformConstants "SHA256128" -PassThru
WARNING: Configuration parameters will be modified after the Remote Access service is restarted. 
 
AuthenticationTransformConstants : SHA256128 
CipherTransformConstants         : AES128 
CustomPolicy                     : True 
DHGroup                          : Group2 
EncryptionMethod                 : AES128 
Ikev2Ports                       : 5 
IdleDisconnect(s)                : 1000 
IntegrityCheckMethod             : SHA256 
L2tpPorts                        : 5 
PFSgroup                         : PFS2 
SADataSizeForRenegotiation(KB)   : 102400 
SALifeTime(s)                    : 28800 

Related topics

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.