This is the built-in help made by Microsoft for the command 'Set-VpnConnectionIPsecConfiguration', in PowerShell version 5 - as retrieved from
Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.
For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.
Sets the IPsec parameters of a VPN connection.
Set-VpnConnectionIPsecConfiguration [-ConnectionName] <String> [-RevertToDefault] [-AllUserConnection] [-AsJob] [-CimSession <CimSession[]>] [-Force] [-ThrottleLimit
<Int32>] [-Confirm] [-WhatIf] [<CommonParameters>]
Set-VpnConnectionIPsecConfiguration [-ConnectionName] <String> [-AuthenticationTransformConstants] <AuthenticationTransformConstants> [-CipherTransformConstants]
<CipherTransformConstants> [-DHGroup] <DHGroup> [-EncryptionMethod] <EncryptionMethod> [-IntegrityCheckMethod] <IntegrityCheckMethod> [-PfsGroup] <PfsGroup>
[-AllUserConnection] [-AsJob] [-CimSession <CimSession[]>] [-Force] [-PassThru] [-ThrottleLimit <Int32>] [-Confirm] [-WhatIf] [<CommonParameters>]
The Set-VpnConnectionIpsecConfiguration cmdlet sets the IPsec parameters of a VPN connection. The settings apply only to IKEv2 and L2TP VPN connections.
<
Online Version: http://go.microsoft.com/fwlink/?LinkId=290789
Set-VpnServerIPsecConfiguration
<
Example 1: Set the IPsec configuration for an IKEv2 tunnel
PS C:\> Add-VpnConnection -Name "Contoso" -ServerAddress 176.16.1.2 -TunnelType Ikev2
PS C:\> Set-VpnConnectionIPsecConfiguration -ConnectionName "Contoso" -AuthenticationTransformConstants None -CipherTransformConstants AES256 -EncryptionMethod AES256
-IntegrityCheckMethod SHA384 -PfsGroup None -DHGroup ECP384 -PassThru -Force
AuthenticationTransformConstants : None
CipherTransformConstants : AES256
DHGroup : ECP384
IntegrityCheckMethod : SHA384
PfsGroup : None
EncryptionMethod : AES256
This example sets the IPsec configuration for a VPN connection using IKEv2.
The first command uses the Add-VpnConnection cmdlet to add a VPN connection on the server with the address 176.16.1.2. The cmdlet specifies an IKEv2 tunnel.
The second command uses the Set-VpnConnectionIPsecConfiguration cmdlet to set the configuration by using the ConnectionName parameter. The command also specifies values for
the CipherTransformConstants, EncryptionMethod, IntegrityCheckMethod, and DHGroup parameters.
Example 2: Set the IPsec configuration for an L2TP tunnel
PS C:\> Add-VpnConnection -Name "Contoso" -ServerAddress 176.16.1.2 -TunnelType L2tp
PS C:\> Set-VpnConnectionIPsecConfiguration -ConnectionName "Contoso" -AuthenticationTransformConstants None -CipherTransformConstants AES128 -EncryptionMethod AES128
-IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup ECP256 -PassThru -Force
AuthenticationTransformConstants : None
CipherTransformConstants : AES128
DHGroup : ECP256
IntegrityCheckMethod : SHA256
PfsGroup : None
EncryptionMethod : AES128
This example sets the IPsec configuration for an L2TP tunnel.
The first command uses the Add-VpnConnection cmdlet to add a VPN connection on the server with the address 176.16.1.2. The command also specifies an L2TP tunnel.
The second command uses the Set-VpnConnectionIPsecConfiguration cmdlet to set the configuration. The command also specifies values for the CipherTransformConstants,
EncryptionMethod, IntegrityCheckMethod, and DHGroup parameters.
Example 3: Set the IPsec configuration for an IKEv2 tunnel with 128-bit data blocks
PS C:\>Add-VpnConnection -Name "Contoso" -ServerAddress 176.16.1.2 -TunnelType Ikev2
PS C:\> Set-VpnConnectionIPsecConfiguration -ConnectionName "Contoso" -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants None -EncryptionMethod AES128
-IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup ECP256 -PassThru -Force
AuthenticationTransformConstants : GCMAES128
CipherTransformConstants : None
DHGroup : ECP256
IntegrityCheckMethod : SHA256
PfsGroup : None
EncryptionMethod : AES128
This example sets the IPsec configuration for an IKEv2 tunnel with authentication transform constants.
The first command uses the Add-VpnConnection cmdlet to add a VPN connection on the server with the address 176.16.1.2. The cmdlet specifies an IKEv2 tunnel.
The second command uses the Set-VpnConnectionIPsecConfiguration cmdlet to set the configuration. The command also specifies values for the CipherTransformConstants,
EncryptionMethod, IntegrityCheckMethod, and DHGroup parameters, as well as specifying a value for the AuthenticationTransformConstants parameter.
Example 4: Set the IPsec configuration for an IKEv2 tunnel with 256-bit data blocks
PS C:\>Add-VpnConnection -Name "Contoso" -ServerAddress 176.16.1.2 -TunnelType Ikev2
PS C:\> Set-VpnConnectionIPsecConfiguration -ConnectionName "Contoso" -AuthenticationTransformConstants GCMAES256 -CipherTransformConstants None -EncryptionMethod AES256
-IntegrityCheckMethod SHA384 -PfsGroup None -DHGroup ECP384 -PassThru -Force
AuthenticationTransformConstants : GCMAES256
CipherTransformConstants : None
DHGroup : ECP384
IntegrityCheckMethod : SHA384
PfsGroup : None
EncryptionMethod : AES256
This example sets the IPsec configuration for an IKEv2 tunnel, and specifies authentication transform constants.
The first command uses the Add-VpnConnection cmdlet to add a VPN connection on the server with the address 176.16.1.2. The cmdlet specifies an IKEv2 tunnel.
The second command uses the Set-VpnConnectionIPsecConfiguration cmdlet to set the configuration. The command also specifies values for the CipherTransformConstants,
EncryptionMethod, IntegrityCheckMethod, and DHGroup parameters, as well as specifying a value for the AuthenticationTransformConstants parameter.