How to configure IPSec encryption and integrity algorithm in Windows 2003

This lesson explains how to configure Internet Protocol Security (IPSec) Integrity and Encryption algorithms in Windows 2003.

If you select "Negotiate Security", you can specify you require Authetication Header (AH), Encapsulating Security Payload (ESP) or both. You can also specify the encryption algorithm (DES or 3DES) and the integrity algorithm (MD5 or SHA1).

Click "Add" in the "Edit Rule Properties" dialog box.

Selct "Negotiate Security" in the "New Filter Action" dialog box and Click "Add".

You can select either Authetication Header (AH), Encapsulating Security Payload (ESP) or both here. "Integrity and encryption" will enable ESP with data integrity and confidentiality. "Integrity only" will enable ESP with only data integrity. You can select "Custom" to customize your IPSec protocols and algorithms. Select "Custom" radio button and click "Settings".

You can select IPSec protocols Authentication Header (AH), Encapsulating Security Payload (ESP) or both in this dialog box. If you select Authentication header, you need to select an Integrity Algorithm also (MD5 or SHA1). If you select Encapsulating Security Payload, you need to select both Integrty Algorithm(MD5 or SHA1) and encryption algorithm (DES or 3DES).

In the "Session key settings", you can specify an intervel to generate a new session key. Reducing this value will increase your security, but decrease the performance. The interval can be specified in data size (Kilobytes) or seconds. Session key generation process will be started whichever come first.

In this lesson, you have learned how to configure Internet Protocol Security (IPSec) Integrity and Encryption algorithms in Windows 2003.