New-NetIPsecMainModeCryptoProposal
Creates a main mode cryptographic proposal that specifies a suite of cryptographic protocols to offer in IPsec main mode negotiations with other computers.
Syntax
Parameter Set: Default
New-NetIPsecMainModeCryptoProposal [-Encryption <EncryptionAlgorithm> ] [-Hash <HashAlgorithm> ] [-KeyExchange <DiffieHellmanGroup> ] [ <CommonParameters>]
Detailed Description
The New-NetIPsecMainModeCryptoProposal cmdlet creates a single cryptographic proposal to be used in main mode negotiations.
A NetIPsecMainModeCryptoProposal object provides three of the four mandatory parameters for the negotiation of a main mode security association (SA): the encryption algorithm in the Encryption parameter, the hashing algorithm in the Hash parameter, and the Diffie-Hellman (DH) key exchange group to be used for the base keying material in the KeyExchange parameter. The remaining parameter, the authentication method (such as Kerberos v5, certificate, or pre-shared key authentication), is given through NetIPsecPhase1AuthSet and NetIPsecPhase2AuthSet objects.
Multiple NetIPsecMainModeCryptoProposal fields are grouped into a single NetIPsecMainModeCryptoSet object. The main mode exchange will use the first proposal that the responder has in common with the sender. A NetIPsecPhase1AuthSet object and a NetIPsecMainModeCryptoSet object are associated with a NetIPsecMainModeRule object to provide all the necessary SA parameters for customized main mode negotiations.
Parameters
-Encryption<EncryptionAlgorithm>
Specifies the encryption algorithm to use for IPsec main mode security association negotiations. The block size of the encryption and hashing algorithms must be the same.
The acceptable values for this parameter are: None, DES, DES3, AES128, AES192, AES256, AESGCM128, AESGCM192, or AESGCM256.
None implies Null Encryption per the RFC standard.
The default value is AES256.
Note: Neither GCM, for encryption, nor GMAC, for hashing, is supported in main mode. These are quick mode only.
Aliases | none
Required? | false
Position? | named
Default Value | none
Accept Pipeline Input? | false
Accept Wildcard Characters? | false
-Hash<HashAlgorithm>
Specifies the hashing function to use for IPsec main mode security association negotiations. The block size of the encryption and hashing algorithms should be the same.
The acceptable values for this parameter are: None, MD5, SHA1, SHA256, SHA384, AESGMAC128, AESGMAC192, or AESGMAC256.
The default value is SHA384.
Aliases | none
Required? | false
Position? | named
Default Value | none
Accept Pipeline Input? | false
Accept Wildcard Characters? | false
-KeyExchange<DiffieHellmanGroup>
Specifies the Diffie-Hellman group to use for IPsec main mode security association negotiations.
The acceptable values for this parameter are: None, DH1, DH2, DH14, DH19, DH20, or DH24.
The default value is None.
Note: SameAsMainMode is only valid for proposals added to quick mode cryptographic sets with PerfectForwardSecrecyGroup (PFS) specified using SameAsMainMode.
Aliases | none
Required? | false
Position? | named
Default Value | none
Accept Pipeline Input? | false
Accept Wildcard Characters? | false
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
- None
Outputs
The output type is the type of the objects that the cmdlet emits.
Microsoft.Management.Infrastructure.CimInstance#root\StandardCimv2\NetIPsecMainModeCryptoProposal
The Microsoft.Management.Infrastructure.CimInstance object is a wrapper class that displays Windows Management Instrumentation (WMI) objects. The path after the pound sign (#) provides the namespace and class name for the underlying WMI object.
Examples
EXAMPLE 1
This example creates a main mode rule linked to a cryptographic set that contains three cryptographic proposals.
PS C:\> $proposal1 = (New-NetIPsecMainModeCryptoProposal -Encryption DES3 -Hash MD5 -KeyExchange DH1)
PS C:\> $proposal2 = (New-NetIPsecMainModeCryptoProposal -Encryption AES192 -Hash MD5 -KeyExchange DH14)
PS C:\> $proposal3 = (New-NetIPsecMainModeCryptoProposal -Encryption DES3 -Hash MD5 -KeyExchange DH19)
PS C:\> $mMCryptoSet= (New-NetIPsecMainModeCryptoSet -DisplayName "Main Mode Crypto Set" -Proposal $proposal1,$proposal2,$proposal3)
This cmdlet shows an alternative method of accomplishing the previous steps.
PS C:\> $mMCryptoSet = New-NetIPsecMainModeCryptoSet -DisplayName "Main Mode Crypto Set" -Proposal (New-NetIPsecMainModeCryptoProposal -Encryption DES3 -Hash MD5 -KeyExchange DH1),(New-NetIPsecMainModeCryptoProposal -Encryption AES192 -Hash MD5 -KeyExchange DH14),(New-NetIPsecMainModeCryptoProposal -Encryption DES3 -Hash MD5 -KeyExchange DH19)
PS C:\> New-NetIPsecMainModeRule -DisplayName "Main Mode Rule" -MainModeCryptoSet $mMCryptoSet.Name
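The following is an added example, not part of the original documentation. Because the exchange uses the first proposal the responder has in common, and GCM/GMAC values are quick mode only, it checks each proposal spec before creating it and builds the set strongest-first. The helper name Test-MainModeProposalSpec, the display names, and the legacy lists are assumptions representing a local policy choice.

```powershell
# Added example; the legacy lists are an assumed local policy, not values from this page.
$QuickModeOnly = 'AESGCM128','AESGCM192','AESGCM256','AESGMAC128','AESGMAC192','AESGMAC256'
$Legacy = @{
    Encryption  = 'None','DES','DES3'
    Hash        = 'None','MD5','SHA1'
    KeyExchange = 'None','DH1','DH2'
}

function Test-MainModeProposalSpec {   # hypothetical helper: returns a list of problems, empty if clean
    param([Parameter(Mandatory)][hashtable]$Spec)
    $problems = @()
    foreach ($key in 'Encryption','Hash','KeyExchange') {
        $value = $Spec[$key]
        if (-not $value) { $problems += "$key not specified; set it explicitly"; continue }
        if ($QuickModeOnly -contains $value) { $problems += "$key=$value is quick mode only" }
        if ($Legacy[$key] -contains $value)  { $problems += "$key=$value is on the legacy list" }
    }
    $problems
}

# Constructed sample specs, strongest first: negotiation uses the first one both peers share.
$specs = @(
    @{ Encryption = 'AES256'; Hash = 'SHA384'; KeyExchange = 'DH20' },
    @{ Encryption = 'AES128'; Hash = 'SHA256'; KeyExchange = 'DH19' },
    @{ Encryption = 'DES3';   Hash = 'MD5';    KeyExchange = 'DH1'  }   # values from EXAMPLE 1
)

$accepted = foreach ($spec in $specs) {
    $problems = Test-MainModeProposalSpec -Spec $spec
    $label = '{0}-{1}-{2}' -f $spec.Encryption, $spec.Hash, $spec.KeyExchange
    if ($problems) {
        Write-Warning "Skipping ${label}: $($problems -join '; ')"
    } else {
        New-NetIPsecMainModeCryptoProposal @spec   # splat the validated values
    }
}

if ($accepted) {
    $set = New-NetIPsecMainModeCryptoSet -DisplayName 'Hardened Main Mode Crypto Set' -Proposal $accepted
    New-NetIPsecMainModeRule -DisplayName 'Hardened Main Mode Rule' -MainModeCryptoSet $set.Name
}
```

Run it in an elevated session, since it creates a cryptographic set and a main mode rule in the same way EXAMPLE 1 does.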