New-NetIPsecMainModeCryptoProposal

Creates a main mode cryptographic proposal that specifies a suite of cryptographic protocols to offer in IPsec main mode negotiations with other computers.

Syntax

Parameter Set: Default
New-NetIPsecMainModeCryptoProposal [-Encryption <EncryptionAlgorithm> ] [-Hash <HashAlgorithm> ] [-KeyExchange <DiffieHellmanGroup> ] [ <CommonParameters>]

Detailed Description

The New-NetIPsecMainModeCryptoProposal cmdlet creates a single cryptographic proposal to be used in main mode negotiations.

A NetIPsecMainModeCryptoProposal object provides three of the four mandatory parameters for negotiating a main mode security association (SA): the encryption algorithm (the Encryption parameter), the hashing algorithm (the Hash parameter), and the Diffie-Hellman (DH) key exchange group used for the base keying material (the KeyExchange parameter). The remaining parameter, the authentication method (such as Kerberos v5, certificate, or pre-shared key authentication), is given through NetIPsecPhase1AuthSet and NetIPsecPhase2AuthSet objects.

Multiple NetIPsecMainModeCryptoProposal objects are grouped into a single NetIPsecMainModeCryptoSet object. The main mode exchange uses the first proposal that the responder has in common with the sender. A NetIPsecPhase1AuthSet object and a NetIPsecMainModeCryptoSet object are associated with a NetIPsecMainModeRule object to provide all the SA parameters needed for customized main mode negotiations.

Parameters

-Encryption <EncryptionAlgorithm>

Specifies the encryption algorithm to use for IPsec main mode security association negotiations. The block size of the encryption and hashing algorithms must be the same.
The acceptable values for this parameter are: None, DES, DES3, AES128, AES192, AES256, AESGCM128, AESGCM192, or AESGCM256.
None implies Null Encryption per the RFC standard.
The default value is AES256.
Note: Neither GCM, for encryption, nor GMAC, for hashing, is supported in main mode. These are quick mode only.

Aliases: none
Required: false
Position: named
Default value: none
Accept pipeline input: false
Accept wildcard characters: false

-Hash <HashAlgorithm>

Specifies the hashing function to use for IPsec main mode security association negotiations. The block size of the encryption and hashing algorithms should be the same.
The acceptable values for this parameter are: None, MD5, SHA1, SHA256, SHA384, AESGMAC128, AESGMAC192, or AESGMAC256.
The default value is SHA384.

Aliases: none
Required: false
Position: named
Default value: none
Accept pipeline input: false
Accept wildcard characters: false

-KeyExchange <DiffieHellmanGroup>

Specifies the Diffie-Hellman group to use for IPsec main mode security association negotiations.
The acceptable values for this parameter are: None, DH1, DH2, DH14, DH19, DH20, or DH24.
The default value is None.
Note: SameAsMainMode is only valid for proposals added to quick mode cryptographic sets with PerfectForwardSecrecyGroup (PFS) specified using SameAsMainMode.

Aliases: none
Required: false
Position: named
Default value: none
Accept pipeline input: false
Accept wildcard characters: false

<CommonParameters>

This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).

Inputs

The input type is the type of the objects that you can pipe to the cmdlet.

  • None

Outputs

The output type is the type of the objects that the cmdlet emits.

  • Microsoft.Management.Infrastructure.CimInstance#root\StandardCimv2\NetIPsecMainModeCryptoProposal

    The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The path after the pound sign (#) provides the namespace and class name for the underlying WMI object.

Examples

EXAMPLE 1

This example creates a main mode rule linked to a cryptographic set that contains three cryptographic proposals.

PS C:\> $proposal1 = (New-NetIPsecMainModeCryptoProposal -Encryption DES3 -Hash MD5 -KeyExchange DH1)
PS C:\> $proposal2 = (New-NetIPsecMainModeCryptoProposal -Encryption AES192 -Hash MD5 -KeyExchange DH14)
PS C:\> $proposal3 = (New-NetIPsecMainModeCryptoProposal -Encryption DES3 -Hash MD5 -KeyExchange DH19)
PS C:\> $mMCryptoSet= (New-NetIPsecMainModeCryptoSet -DisplayName "Main Mode Crypto Set" -Proposal $proposal1,$proposal2,$proposal3)

The following commands show an alternative way to build the same cryptographic set in a single statement, and then create the main mode rule that uses it.

PS C:\> $mMCryptoSet = New-NetIPsecMainModeCryptoSet -DisplayName "Main Mode Crypto Set" -Proposal (New-NetIPsecMainModeCryptoProposal -Encryption DES3 -Hash MD5 -KeyExchange DH1),(New-NetIPsecMainModeCryptoProposal -Encryption AES192 -Hash MD5 -KeyExchange DH14),(New-NetIPsecMainModeCryptoProposal -Encryption DES3 -Hash MD5 -KeyExchange DH19)
PS C:\> New-NetIPsecMainModeRule -DisplayName "Main Mode Rule" -MainModeCryptoSet $mMCryptoSet.Name
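
The following is an added example, not part of the original documentation: it checks an ordered proposal list against the main mode constraints described above (GCM and GMAC are quick mode only, KeyExchange defaults to None, the first shared proposal wins) before creating the set and rule. The function name Test-MainModeProposal, the display names, and the list of rejected algorithms are assumptions chosen for this example.

```powershell
# Added example: validate an ordered main mode proposal list, then build the set and rule.
# Negotiation uses the first proposal both peers share, so the strongest goes first.
$desired = @(
    @{ Encryption = 'AES256'; Hash = 'SHA384'; KeyExchange = 'DH20' },
    @{ Encryption = 'AES256'; Hash = 'SHA256'; KeyExchange = 'DH19' },
    @{ Encryption = 'AES128'; Hash = 'SHA256'; KeyExchange = 'DH14' }
)

# Values listed for the parameters that are quick mode only, per the note above.
$quickModeOnly = 'AESGCM128','AESGCM192','AESGCM256','AESGMAC128','AESGMAC192','AESGMAC256'

# Assumption (example policy, not from the documentation): values this script refuses to offer.
$rejected = @{
    Encryption  = 'None','DES','DES3'
    Hash        = 'None','MD5','SHA1'
    KeyExchange = 'None','DH1','DH2'
}

# Hypothetical helper: returns a list of problems, empty when the proposal is acceptable.
function Test-MainModeProposal {
    param([hashtable]$Proposal)
    $problems = @()
    foreach ($field in 'Encryption','Hash','KeyExchange') {
        $value = $Proposal[$field]
        if (-not $value) {
            # KeyExchange defaults to None when omitted, so require every field explicitly.
            $problems += "$field is not set"
        } elseif ($value -in $quickModeOnly) {
            $problems += "$field=$value is quick mode only"
        } elseif ($value -in $rejected[$field]) {
            $problems += "$field=$value is rejected by policy"
        }
    }
    return $problems
}

# Create proposal objects only after every entry passes; the list order is preserved.
$proposals = foreach ($p in $desired) {
    $problems = Test-MainModeProposal -Proposal $p
    if ($problems) { throw "Invalid proposal: $($problems -join '; ')" }
    New-NetIPsecMainModeCryptoProposal @p
}

$set = New-NetIPsecMainModeCryptoSet -DisplayName 'Hardened Main Mode Crypto Set' -Proposal $proposals
New-NetIPsecMainModeRule -DisplayName 'Hardened Main Mode Rule' -MainModeCryptoSet $set.Name
```

Because the responder picks the first proposal it shares with the sender, a peer that supports only the last entry still negotiates successfully, while a peer that supports none of them fails instead of falling back to a rejected algorithm.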

Related topics

New-NetIPsecMainModeRule

New-NetIPsecMainModeCryptoSet