
New-NetIPsecQuickModeCryptoProposal



This is the built-in help made by Microsoft for the command 'New-NetIPsecQuickModeCryptoProposal', in PowerShell version 4 - as retrieved from Windows version 'Microsoft Windows 8.1 Enterprise' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Creates a quick mode cryptographic proposal that specifies a suite of cryptographic protocols to offer in IPsec quick mode negotiations with other computers.

SYNTAX


New-NetIPsecQuickModeCryptoProposal [-AHHash <HashAlgorithm>] [-Encapsulation <IPsecEncapsulation>] [-Encryption <EncryptionAlgorithm>] [-ESPHash <HashAlgorithm>] [-MaxKiloBytes <UInt64>] [-MaxMinutes <UInt64>] [<CommonParameters>]




DESCRIPTION


The New-NetIPsecQuickModeCryptoProposal cmdlet creates a single cryptographic proposal to be used in quick mode negotiations.


A NetIPsecQuickModeCryptoProposal object provides the necessary security parameters for the negotiation of a quick mode security association (SA). The IPsec protocol, either AH or ESP, is provided in the Encapsulation parameter, the hashing algorithm for data integrity and authentication in the AHHash and ESPHash parameters, and the algorithm for encryption, if requested, in the Encryption parameter.


Multiple NetIPsecQuickModeCryptoProposal fields are grouped into a single NetIPsecQuickModeCryptoSet object. The quick mode exchange will use the first proposal that the peers have in common. A NetIPsecPhase2AuthSet object and a NetIPsecMainModeCryptoSet object get associated to a NetIPsecRule object to provide all the necessary SA parameters for customized quick mode negotiations.




RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?LinkId=288119
New-NetIPsecMainModeCryptoSet
New-NetIPsecRule

REMARKS


Examples


EXAMPLE 1

PS C:\>$QMProposal = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP -ESPHash SHA1 -Encryption AES128



PS C:\>$QMCryptoSet = New-NetIPsecQuickModeCryptoSet -DisplayName "esp:sha1-des3" -Proposal $QMProposal



PS C:\>New-NetIPSecRule -DisplayName "Tunnel from HQ to Dallas Branch" -Mode Tunnel -LocalAddress 192.168.0.0/16 -RemoteAddress 192.157.0.0/16 -LocalTunnelEndpoint 1.1.1.1 -RemoteTunnelEndpoint 2.2.2.2 -InboundSecurity Require -OutboundSecurity Require -QuickModeCryptoSet $QMCryptoSet.Name



This example creates an IPsec tunnel that routes traffic from a private network (192.168.0.0/16) through an interface on the local computer (1.1.1.1) attached to a public network to a second computer through its public interface (2.2.2.2) to another private network (192.157.0.0/16). All traffic through the tunnel is integrity checked using ESP and SHA1, and encrypted using ESP and AES128.




EXAMPLE 2

This cmdlet illustrates how to include both AH and ESP protocols in a single suite.
PS C:\>$AHandESPQM = New-NetIPsecQuickModeCryptoProposal -Encapsulation AH,ESP -AHHash SHA1 -ESPHash SHA1 -Encryption DES3


This cmdlet illustrates how to specify the use of the AH protocol only.
PS C:\>$AHQM = New-NetIPsecQuickModeCryptoProposal -Encapsulation AH -AHHash SHA1 -ESPHash None -Encryption None


This cmdlet illustrates how to specify the use of the ESP protocol only, and uses the None keyword to specify not to include an encryption option, also known as "ESP null encryption".
PS C:\>$ESPQM = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP -ESPHash SHA1 -Encryption None


This cmdlet illustrates how to use the None keyword to specify that ESP is used with an encryption protocol, but with no integrity protocol. This cmdlet also illustrates how to set a custom SA timeout using both time and data amount values.
PS C:\>$ESPnoAHQM = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP -ESPHash None -Encryption AES256 -MaxKiloBytes 50000 -MaxMinutes 30



PS C:\>$QMCryptoSet = New-NetIPsecQuickModeCryptoSet -DisplayName "Custom Quick Mode" -Proposal $AHandESPQM,$AHQM,$ESPQM,$ESPnoAHQM



PS C:\>New-NetIPsecRule -DisplayName "Domain Isolation Rule" -InboundSecurity Require -OutboundSecurity Request -QuickModeCryptoSet $QMCryptoSet.Name



This example creates a domain isolation rule, but uses a custom quick mode proposal that includes multiple quick mode suites, separated by commas.
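
ADDED EXAMPLE (not part of the Microsoft help text)

Because the quick mode exchange uses the first proposal the peers have in common, every proposal placed in a set is one the computer may end up negotiating. The script below is an added illustration that reviews candidate proposals before building the set and keeps only those that pass, in the order listed. The function name Get-ProposalFinding, the variable $candidates, the display name, and the policy itself (MD5, SHA1, DES and DES3 treated as legacy; ESP required to carry both encryption and an integrity hash) are assumptions made for this example.

```powershell
# Added example; Get-ProposalFinding, $candidates and the policy are assumptions.
# Constructed input: candidate proposals as parameter tables for splatting.
$candidates = @(
    @{ Encapsulation = 'ESP'; ESPHash = 'SHA256'; Encryption = 'AES256'; MaxMinutes = 30; MaxKiloBytes = 50000 }
    @{ Encapsulation = 'ESP'; ESPHash = 'SHA256'; Encryption = 'AES128' }
    @{ Encapsulation = 'ESP'; ESPHash = 'SHA1';   Encryption = 'DES3' }    # as in EXAMPLE 2
    @{ Encapsulation = 'ESP'; ESPHash = 'None';   Encryption = 'AES256' }  # as in EXAMPLE 2
    @{ Encapsulation = 'ESP'; ESPHash = 'SHA1';   Encryption = 'None' }    # as in EXAMPLE 2
)

# Emits one string per policy finding; emits nothing for a clean proposal.
function Get-ProposalFinding {
    param([Parameter(Mandatory = $true)][hashtable]$Proposal)
    $usesESP = $Proposal.Encapsulation -contains 'ESP'
    $usesAH  = $Proposal.Encapsulation -contains 'AH'
    foreach ($name in 'AHHash', 'ESPHash') {
        if ($Proposal[$name] -in 'MD5', 'SHA1') { "$name uses legacy hash $($Proposal[$name])" }
    }
    if ($Proposal.Encryption -in 'DES', 'DES3') { "legacy cipher $($Proposal.Encryption)" }
    # A missing key is treated the same as the None keyword.
    if ($usesESP -and $Proposal.Encryption -in $null, 'None') { 'ESP null encryption (no confidentiality)' }
    if ($usesESP -and -not $usesAH -and $Proposal.ESPHash -in $null, 'None') { 'ESP without an integrity hash' }
}

# Build proposals only from candidates with no findings; list order is preserved.
$proposals = foreach ($p in $candidates) {
    $findings = @(Get-ProposalFinding -Proposal $p)
    if ($findings.Count) {
        Write-Warning ("Skipping {0}/{1}: {2}" -f $p.ESPHash, $p.Encryption, ($findings -join '; '))
    } else {
        New-NetIPsecQuickModeCryptoProposal @p
    }
}

# Refuse to create an empty set rather than fall back to a rejected proposal.
if (-not $proposals) { throw 'No candidate proposal passed review.' }
$QMCryptoSet = New-NetIPsecQuickModeCryptoSet -DisplayName 'Reviewed Quick Mode' -Proposal $proposals
```

With the constructed input, the two SHA256 proposals go into the set and the other three are reported with Write-Warning and left out.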