Routing and Remote Access Services encryption options for the L2TP/IPsec protocol on a Windows Server 2008-based Network Policy Server (NPS)

Article translations Article translations
Article ID: 954394 - View products that this article applies to.
Expand all | Collapse all

On This Page

INTRODUCTION

This article describes the Routing and Remote Access Services encryption options for the Layer Two Tunneling Protocol with IPsec (L2TP/IPsec) on a Windows Server 2008-based Network Policy Server (NPS) and also how to configure the strongest encryption for an IPsec policy.

MORE INFORMATION

The following are the Routing and Remote Access Services encryption options that are available for L2TP/IPsec.

No encryption

  • ESP SHA1
  • ESP MD5
  • AH SHA1
  • AH MD5

Optional encryption

  • ESP AES_128 SHA
  • ESP 3_DES MD5
  • ESP 3_DES SHA
  • AH SHA1 with ESP AES_128 with null HMAC
  • AH SHA1 with ESP 3_DES with null HMAC
  • AH MD5 with ESP 3_DES with null HMAC, no lifetimes proposed
  • AH SHA1 with ESP 3_DES SHA1, no lifetimes
  • AH MD5 with ESP 3_DES MD5, no lifetimes
  • ESP DES MD5
  • ESP DES SHA1, no lifetimes
  • AH SHA1 with ESP DES null HMAC, no lifetimes proposed
  • AH MD5 with ESP DES null HMAC, no lifetimes proposed
  • AH SHA1 with ESP DES SHA1, no lifetimes
  • AH MD5 with ESP DES MD5, no lifetimes
  • ESP SHA, no lifetimes
  • ESP MD5, no lifetimes
  • AH SHA, no lifetimes
  • AH MD5, no lifetimes

Requires encryption

  • ESP AES_128 SHA
  • ESP 3_DES MD5
  • ESP 3_DES SHA
  • AH SHA1 with ESP AES_128 with null HMAC
  • AH SHA1 with ESP 3_DES with null HMAC
  • AH MD5 with ESP 3_DES with null HMAC, no lifetimes proposed
  • AH SHA1 with ESP 3_DES SHA1, no lifetimes
  • AH MD5 with ESP 3_DES MD5, no lifetimes
  • ESP DES MD5
  • ESP DES SHA1, no lifetimes
  • AH SHA1 with ESP DES null HMAC, no lifetimes proposed
  • AH MD5 with ESP DES null HMAC, no lifetimes proposed
  • AH SHA1 with ESP DES SHA1, no lifetimes
  • AH MD5 with ESP DES MD5, no lifetimes

Strong encryption

  • ESP AES_256 SHA, no lifetimes
  • ESP 3_DES MD5, no lifetimes
  • ESP 3_DES SHA, no lifetimes
  • AH SHA1 with ESP AES_256 with null HMAC, no lifetimes proposed
  • AH SHA1 with ESP 3_DES with null HMAC, no lifetimes proposed
  • AH MD5 with ESP 3_DES with null HMAC, no lifetimes proposed
  • AH SHA1 with ESP 3_DES SHA1, no lifetimes
  • AH MD5 with ESP 3_DES MD5, no lifetimes

Strongest encryption

  • ESP AES_256 SHA, no lifetimes
  • ESP 3_DES MD5, no lifetimes
  • ESP 3_DES SHA, no lifetimes
  • AH SHA1 with ESP AES_256 with null HMAC, no lifetimes proposed
  • AH SHA1 with ESP 3_DES with null HMAC, no lifetimes proposed
  • AH MD5 with ESP 3_DES with null HMAC, no lifetimes proposed
  • AH SHA1 with ESP 3_DES SHA1, no lifetimes
  • AH MD5 with ESP 3_DES MD5, no lifetimes

How to configure the strongest encryption for an IPsec policy

To configure the strongest encryptions for an IPsec policy, follow these steps:
  1. Start the Network Policy Server (NPS) console. To do this, click Start, type Network Policy Server in the Start Search box, and then click Network Policy Server.
  2. Under NPS(Local), expand Policies, click Network Policies in the left navigation pane, and then select the relevant policy in the right navigation pane.
  3. Double-click the policy, and then click the Settings tab.
  4. In the Settings area, click Encryption under Routing and Remote Access.
  5. Click to select the Strongest encryption (MPPE 128-bit) check box.
  6. Click Apply, and then click OK to apply the strongest encryption.

Properties

Article ID: 954394 - Last Review: July 15, 2008 - Revision: 1.1
APPLIES TO
  • Windows Server 2008 Datacenter without Hyper-V
  • Windows Server 2008 Enterprise without Hyper-V
  • Windows Server 2008 for Itanium-Based Systems
  • Windows Server 2008 Standard without Hyper-V
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
Keywords: 
kbexpertiseinter kbinfo kbhowto KB954394

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com