PowerShell Logo Small


This is the built-in help made by Microsoft for the command 'Get-NetIPsecMainModeSA', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.


Returns active main mode security associations (SA) from the target computer.


Get-NetIPsecMainModeSA [-All] [-AsJob] [-CimSession <CimSession[]>] [-ThrottleLimit <Int32>] [<CommonParameters>]
Get-NetIPsecMainModeSA [-Name] <String[]> [-AsJob] [-CimSession <CimSession[]>] [-ThrottleLimit <Int32>] [<CommonParameters>]
Get-NetIPsecMainModeSA [-AsJob] [-CimSession <CimSession[]>] [-ThrottleLimit <Int32>] -AssociatedNetIPsecQuickModeSA <CimInstance> [<CommonParameters>]

Search powershellhelp.space


The Get-NetIPsecMainModeSA cmdlet gets an active main mode security association (SA). This cmdlet is used for policy monitoring.

An SA is generated when main mode negotiation establishes a secure, authenticated channel between two computers. The SA is the information maintained about that secure
channel on the local computer so that it can use the information for future network traffic to the remote computer.

An SA is the combination of a negotiated key, security protocol, and SPI, which together define the security used to protect the communication from sender to receiver.
Therefore, by looking at the security associations for this computer, which computers have connections with this computer can be determined, which type of data integrity and
encryption is being used for that connection, and other information. This information can be helpful when testing IPsec policies and troubleshooting access issues.

There are four mandatory parameters that negotiated as part of the main mode SA:

-- The computer authentication method: Kerberos v5, certificate, or pre-shared key (PSK) authentication, provided by the NetIPsecPhase1AuthSet object.

-- The encryption algorithm, provided by the NetIPsecMainModeCryptoSet object.

-- The hashing algorithm, provided by the NetIPsecMainModeCryptoSet object.

-- The Diffie-Hellman (DH) key exchange group to be used for the base keying material, provided by theNetIPsecMainModeCryptoSet object.



Online Version: http://go.microsoft.com/fwlink/?LinkId=286446





PS C:\>Get-NetIPsecMainModeSA –PolicyStore ActiveStore

This example returns all of the active main mode cryptographic sets on the local computer.

Example 2

PS C:\>$computer1 = "RemoteMachineName"

PS C:\>Get-NetIPsecMainModeSA –Name "196511" –CimSession $Computer1 | Remove-NetIPsecQuickModeSA –CimSession $computer1

This example removes all of the active quick mode cryptographic sets associated with the specified main mode security association on a remote computer.