PowerShell Logo Small

Set-VpnConnectionIPsecConfiguration



This is the built-in help made by Microsoft for the command 'Set-VpnConnectionIPsecConfiguration', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Sets the IPsec parameters of a VPN connection.

SYNTAX


Set-VpnConnectionIPsecConfiguration [-ConnectionName] <String> [-RevertToDefault] [-AllUserConnection] [-AsJob] [-CimSession <CimSession[]>] [-Force] [-ThrottleLimit
<Int32>] [-Confirm] [-WhatIf] [<CommonParameters>]
Set-VpnConnectionIPsecConfiguration [-ConnectionName] <String> [-AuthenticationTransformConstants] <AuthenticationTransformConstants> [-CipherTransformConstants]
<CipherTransformConstants> [-DHGroup] <DHGroup> [-EncryptionMethod] <EncryptionMethod> [-IntegrityCheckMethod] <IntegrityCheckMethod> [-PfsGroup] <PfsGroup>
[-AllUserConnection] [-AsJob] [-CimSession <CimSession[]>] [-Force] [-PassThru] [-ThrottleLimit <Int32>] [-Confirm] [-WhatIf] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Set-VpnConnectionIpsecConfiguration cmdlet sets the IPsec parameters of a VPN connection. The settings apply only to IKEv2 and L2TP VPN connections.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?LinkId=290789
Set-VpnServerIPsecConfiguration

REMARKS

<

Examples


Example 1: Set the IPsec configuration for an IKEv2 tunnel

PS C:\> Add-VpnConnection -Name "Contoso" -ServerAddress 176.16.1.2 -TunnelType Ikev2
PS C:\> Set-VpnConnectionIPsecConfiguration -ConnectionName "Contoso" -AuthenticationTransformConstants None -CipherTransformConstants AES256 -EncryptionMethod AES256
-IntegrityCheckMethod SHA384 -PfsGroup None -DHGroup ECP384 -PassThru -Force
AuthenticationTransformConstants : None

CipherTransformConstants : AES256

DHGroup : ECP384

IntegrityCheckMethod : SHA384

PfsGroup : None

EncryptionMethod : AES256



This example sets the IPsec configuration for a VPN connection using IKEv2.

The first command uses the Add-VpnConnection cmdlet to add a VPN connection on the server with the address 176.16.1.2. The cmdlet specifies an IKEv2 tunnel.

The second command uses the Set-VpnConnectionIPsecConfiguration cmdlet to set the configuration by using the ConnectionName parameter. The command also specifies values for
the CipherTransformConstants, EncryptionMethod, IntegrityCheckMethod, and DHGroup parameters.




Example 2: Set the IPsec configuration for an L2TP tunnel

PS C:\> Add-VpnConnection -Name "Contoso" -ServerAddress 176.16.1.2 -TunnelType L2tp
PS C:\> Set-VpnConnectionIPsecConfiguration -ConnectionName "Contoso" -AuthenticationTransformConstants None -CipherTransformConstants AES128 -EncryptionMethod AES128
-IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup ECP256 -PassThru -Force
AuthenticationTransformConstants : None

CipherTransformConstants : AES128

DHGroup : ECP256

IntegrityCheckMethod : SHA256

PfsGroup : None

EncryptionMethod : AES128



This example sets the IPsec configuration for an L2TP tunnel.

The first command uses the Add-VpnConnection cmdlet to add a VPN connection on the server with the address 176.16.1.2. The command also specifies an L2TP tunnel.

The second command uses the Set-VpnConnectionIPsecConfiguration cmdlet to set the configuration. The command also specifies values for the CipherTransformConstants,
EncryptionMethod, IntegrityCheckMethod, and DHGroup parameters.




Example 3: Set the IPsec configuration for an IKEv2 tunnel with 128-bit data blocks

PS C:\>Add-VpnConnection -Name "Contoso" -ServerAddress 176.16.1.2 -TunnelType Ikev2
PS C:\> Set-VpnConnectionIPsecConfiguration -ConnectionName "Contoso" -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants None -EncryptionMethod AES128
-IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup ECP256 -PassThru -Force
AuthenticationTransformConstants : GCMAES128

CipherTransformConstants : None

DHGroup : ECP256

IntegrityCheckMethod : SHA256

PfsGroup : None

EncryptionMethod : AES128



This example sets the IPsec configuration for an IKEv2 tunnel with authentication transform constants.

The first command uses the Add-VpnConnection cmdlet to add a VPN connection on the server with the address 176.16.1.2. The cmdlet specifies an IKEv2 tunnel.

The second command uses the Set-VpnConnectionIPsecConfiguration cmdlet to set the configuration. The command also specifies values for the CipherTransformConstants,
EncryptionMethod, IntegrityCheckMethod, and DHGroup parameters, as well as specifying a value for the AuthenticationTransformConstants parameter.




Example 4: Set the IPsec configuration for an IKEv2 tunnel with 256-bit data blocks

PS C:\>Add-VpnConnection -Name "Contoso" -ServerAddress 176.16.1.2 -TunnelType Ikev2
PS C:\> Set-VpnConnectionIPsecConfiguration -ConnectionName "Contoso" -AuthenticationTransformConstants GCMAES256 -CipherTransformConstants None -EncryptionMethod AES256
-IntegrityCheckMethod SHA384 -PfsGroup None -DHGroup ECP384 -PassThru -Force
AuthenticationTransformConstants : GCMAES256

CipherTransformConstants : None

DHGroup : ECP384

IntegrityCheckMethod : SHA384

PfsGroup : None

EncryptionMethod : AES256



This example sets the IPsec configuration for an IKEv2 tunnel, and specifies authentication transform constants.

The first command uses the Add-VpnConnection cmdlet to add a VPN connection on the server with the address 176.16.1.2. The cmdlet specifies an IKEv2 tunnel.

The second command uses the Set-VpnConnectionIPsecConfiguration cmdlet to set the configuration. The command also specifies values for the CipherTransformConstants,
EncryptionMethod, IntegrityCheckMethod, and DHGroup parameters, as well as specifying a value for the AuthenticationTransformConstants parameter.