Table of contents
TLS
TOC
Collapse the table of content
Expand the table of content

Set-VpnServerConfiguration

Brian Lich|Last Updated: 4/3/2017

SYNOPSIS

Updates S2S server parameters.

SYNTAX

EncryptionType (Default)

Set-VpnServerConfiguration [-TunnelType <TunnelType>] [-SstpPorts <UInt32>] [-GrePorts <UInt32>]
 [-IdleDisconnectSeconds <UInt32>] [-SALifeTimeSeconds <UInt32>] [-MMSALifeTimeSeconds <UInt32>]
 [-SADataSizeForRenegotiationKilobytes <UInt32>] [-Ikev2Ports <UInt32>] [-L2tpPorts <UInt32>] [-PassThru]
 [-EncryptionType <String>] [-CimSession <CimSession[]>] [-ThrottleLimit <Int32>] [-AsJob] [-WhatIf] [-Confirm]
 [<CommonParameters>]

RevertToDefault

Set-VpnServerConfiguration [-TunnelType <TunnelType>] [-PassThru] [-RevertToDefault]
 [-CimSession <CimSession[]>] [-ThrottleLimit <Int32>] [-AsJob] [-WhatIf] [-Confirm] [<CommonParameters>]

CustomPolicy

Set-VpnServerConfiguration [-TunnelType <TunnelType>] [-SstpPorts <UInt32>] [-GrePorts <UInt32>]
 [-IdleDisconnectSeconds <UInt32>] [-SALifeTimeSeconds <UInt32>] [-MMSALifeTimeSeconds <UInt32>]
 [-SADataSizeForRenegotiationKilobytes <UInt32>] [-Ikev2Ports <UInt32>] [-L2tpPorts <UInt32>] [-PassThru]
 [-CustomPolicy] [-EncryptionMethod <EncryptionMethod>] [-IntegrityCheckMethod <IntegrityCheckMethod>]
 [-CipherTransformConstants <CipherTransformConstants>] [-PfsGroup <PfsGroup>]
 [-AuthenticationTransformConstants <AuthenticationTransformConstants>] [-DHGroup <DHGroup>]
 [-CimSession <CimSession[]>] [-ThrottleLimit <Int32>] [-AsJob] [-WhatIf] [-Confirm] [<CommonParameters>]

DESCRIPTION

The Set-VpnServerConfiguration cmdlet updates IPSEC properties on RRAS server for incoming S2S VPN Interfaces. By Specifying CustomPolicy, IPsec parameters can be customized.

EXAMPLES

Example 1: Modify the idle disconnect seconds of a VPN server

PS C:\>Set-VpnServerIPsecConfiguration -IdleDisconnectSeconds 1000 -PassThru
WARNING: Configuration parameters will be modified after the Remote Access service is restarted. 

EncryptionType                 : OptionalEncryption
Ikev2Ports                     : 5
IdleDisconnect(s)              : 1000
L2tpPorts                      : 5
SADataSizeForRenegotiation(KB) : 102400
SALifeTime(s)                  : 28800

This command modifies the idle disconnect seconds of the VPN server.

Example 2: Plumb custom IPsec policy for incoming VPN connections

PS C:\>Set-VpnServerIPsecConfiguration -CustomPolicy -EncryptionMethod "AES128" -DhGroup "Group2" -PfsGroup "PFS2" -CipherTransformConstants "AES128"  -IntegrityCheckMethod "SHA256" -AuthenticationTransformConstants "SHA256128" -PassThru
WARNING: Configuration parameters will be modified after the Remote Access service is restarted. 

AuthenticationTransformConstants : SHA256128
CipherTransformConstants         : AES128
CustomPolicy                     : True
DHGroup                          : Group2
EncryptionMethod                 : AES128
Ikev2Ports                       : 5
IdleDisconnect(s)                : 1000
IntegrityCheckMethod             : SHA256
L2tpPorts                        : 5
PFSgroup                         : PFS2
SADataSizeForRenegotiation(KB)   : 102400
SALifeTime(s)                    : 28800

This command plumbs custom IPsec policy for incoming VPN connections and site to site VPN connections whose authentication method is not pre shared key.

PARAMETERS

-AsJob

Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-AuthenticationTransformConstants

Specifies the authentication transform plumbed in Ipsec policy.

Type: AuthenticationTransformConstants
Parameter Sets: CustomPolicy
Aliases: FirstTransformType
Accepted values: MD596, SHA196, SHA256128, GCMAES128, GCMAES192, GCMAES256, None

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-CimSession

Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.

Type: CimSession[]
Parameter Sets: (All)
Aliases: Session

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-CipherTransformConstants

Specifies the cipher plumbed in IPsec policy.

Type: CipherTransformConstants
Parameter Sets: CustomPolicy
Aliases: FirstCipherAlgorithm, OtherCipherAlgorithm
Accepted values: DES, DES3, AES128, AES192, AES256, GCMAES128, GCMAES192, GCMAES256, None

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: cf

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-CustomPolicy

Indicates the custom IKE IPSEC policy.

Type: SwitchParameter
Parameter Sets: CustomPolicy
Aliases: 

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-DHGroup

Specifies the DH Group Plumbed in Ipsec policy.

Type: DHGroup
Parameter Sets: CustomPolicy
Aliases: 
Accepted values: None, Group1, Group2, Group14, ECP256, ECP384, Group24

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-EncryptionMethod

Specifies the encryption method plumbed in IKE policy.

Type: EncryptionMethod
Parameter Sets: CustomPolicy
Aliases: Encryption
Accepted values: DES, DES3, AES128, AES192, AES256

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-EncryptionType

Specifies the type of Encryption.

Type: String
Parameter Sets: EncryptionType
Aliases: 
Accepted values: NoEncryption, RequireEncryption, OptionalEncryption, MaximumEncryption

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-GrePorts

Specifies the number of Generic Routing Encapsulation (GRE) ports.

Type: UInt32
Parameter Sets: EncryptionType, CustomPolicy
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-IdleDisconnectSeconds

Specifies the time, in seconds, after which an idle connection is terminated. Unless the idle time-out is disabled, the entire connection is terminated if the connection is idle for the specified interval.

Type: UInt32
Parameter Sets: EncryptionType, CustomPolicy
Aliases: IdleDurationSeconds

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-Ikev2Ports

Specifies the number of IKEv2 ports that are created.

Type: UInt32
Parameter Sets: EncryptionType, CustomPolicy
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-IntegrityCheckMethod

Specifies the integrity method plumbed in IPsec policy.

Type: IntegrityCheckMethod
Parameter Sets: CustomPolicy
Aliases: FirstIntegrityAlgorithm, OtherHashAlgorithm
Accepted values: MD5, SHA1, SHA256, SHA384

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-L2tpPorts

Specifies the number of L2TP ports that are created.

Type: UInt32
Parameter Sets: EncryptionType, CustomPolicy
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-MMSALifeTimeSeconds

Specifies the lifetime of a Main Mode security association (SA) in seconds, after which the SA is no longer valid.

Type: UInt32
Parameter Sets: EncryptionType, CustomPolicy
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-PassThru

Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-PfsGroup

Specifies the PFS Group plumbed in Ipsec policy.

Type: PfsGroup
Parameter Sets: CustomPolicy
Aliases: PfsGroupId
Accepted values: None, PFS1, PFS2, PFS2048, ECP256, ECP384, PFSMM, PFS24

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-RevertToDefault

Indicates that the IPsec parameters revert to a default value

Type: SwitchParameter
Parameter Sets: RevertToDefault
Aliases: 

Required: True
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-SADataSizeForRenegotiationKilobytes

Specifies the number of kilobytes that are allowed to transfer using a security association (SA), after which the SA will be renegotiated.

Type: UInt32
Parameter Sets: EncryptionType, CustomPolicy
Aliases: LifeTimeKiloBytes

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-SALifeTimeSeconds

Specifies the lifetime of a SA in seconds, after which the SA is no longer valid.

Type: UInt32
Parameter Sets: EncryptionType, CustomPolicy
Aliases: LifeTimeSeconds, QMSALifeTimeSeconds

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-SstpPorts

Specifies the number of SSTP ports.

Type: UInt32
Parameter Sets: EncryptionType, CustomPolicy
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-ThrottleLimit

Specifies the maximum number of concurrent connections that can be established to run this command. If you omit this parameter or enter a value of 0, the default value, 32, is used.

Type: Int32
Parameter Sets: (All)
Aliases: 

Required: False
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-TunnelType

Specifies the Tunnel Type to which Custom Policy is to be applied

Type: TunnelType
Parameter Sets: (All)
Aliases: 
Accepted values: IKEV2, L2TP

Required: False
Position: Named
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type: SwitchParameter
Parameter Sets: (All)
Aliases: wi

Required: False
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

Microsoft.Management.Infrastructure.CimInstance#VpnServerIPsecConfiguration

NOTES

Get-VpnServerConfiguration

© 2017 Microsoft