PowerShell Logo Small

New-NetIPsecMainModeCryptoSet



This is the built-in help made by Microsoft for the command 'New-NetIPsecMainModeCryptoSet', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Creates a main mode cryptographic set that contains suites of cryptographic protocols to offer in IPsec main mode negotiations with other computers.

SYNTAX


New-NetIPsecMainModeCryptoSet [-AsJob] [-CimSession <CimSession[]>] [-Default] [-Description <String>] [-ForceDiffieHellman <Boolean>] [-GPOSession <String>] [-Group
<String>] [-MaxMinutes <UInt32>] [-MaxSessions <UInt32>] [-Name <String>] [-PolicyStore <String>] [-ThrottleLimit <Int32>] -DisplayName <String> -Proposal <CimInstance[]>
[-Confirm] [-WhatIf] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The New-NetIPsecMainModeCryptoSet cmdlet creates a cryptographic set to be used to negotiate a main mode security association (SA).


A main mode cryptographic set is an ordered list of cryptographic proposals.


Each proposal in the set specifies a set of encryption, hashing, and key exchange algorithms to propose. Proposals can be created by running the
New-NetIPsecMainModeCryptoProposal cmdlet. The main mode exchange will use the first proposal that the peer computers have in common.


The default main mode cryptographic set is used with all IPsec rules. IPsec rules are specified by the Default parameter at creation time. Additional main mode cryptographic
sets can be used with IPsec main mode rules for fully customized main mode negotiations.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?LinkId=288042
New-NetFirewallRule
New-NetIPsecMainModeCryptoSet
New-NetIPsecMainModeRule
Open-NetGPO
Rename-NetIPsecMainModeCryptoSet
Save-NetGPO
Set-NetFirewallRule
Set-NetIPsecMainModeCryptoSet
New-NetIPsecMainModeCryptoProposal
New-GPO

REMARKS

<

Examples


EXAMPLE 1

PS C:\>$proposal1 = (New-NetIPsecMainModeCryptoProposal -Encryption DES3 -Hash MD5 -KeyExchange DH1)



PS C:\>$proposal2 = (New-NetIPsecMainModeCryptoProposal -Encryption AES192 -Hash MD5 -KeyExchange DH14)



PS C:\>$proposal3 = (New-NetIPsecMainModeCryptoProposal -Encryption DES3 -Hash MD5 -KeyExchange DH19)



PS C:\>$mmCryptoSet = New-NetIPsecMainModeCryptoSet -DisplayName "Main Mode Crypto Set" -Proposal $proposal1, $proposal2, $proposal3



PS C:\>New-NetIPsecMainModeRule -DisplayName "Main Mode Rule" -MainModeCryptoSet $mmCryptoSet.Name



This example creates a main mode rule linked to a cryptographic set that contains three cryptographic proposals.




EXAMPLE 2

PS C:\>$dES3MD5DH1 = New-NetIPsecMainModeCryptoProposal -Encryption DES3 -Hash MD5 -KeyExchange DH1



PS C:\>$aES192MD5DH14 = New-NetIPsecMainModeCryptoProposal -Encryption AES192 -Hash MD5 -KeyExchange DH14



PS C:\>$dES3MD5DH19 = New-NetIPsecMainModeCryptoProposal -Encryption DES3 -Hash MD5 -KeyExchange DH19



PS C:\>New-NetIPsecMainModeCryptoSet -DisplayName "Default Main Mode Crypto Set" -Proposal $dES3MD5DH1, $aES192MD5DH14, $dES3MD5DH19 -Default



This example creates a cryptographic set that contains four cryptographic proposals and makes this the default main mode setting to be used with all network IPsec rules.