This topic describes how to configure an IP Security (IPsec) network for Windows® PE clients. Windows PE supports the IPsec protocol by default, but in some cases the computer you want to connect to will not accept the connection. You must configure that computer's security policy to allow the Windows PE client to connect.
By default, Windows PE IPsec policy uses the following security and authentication methods (MM is Main Mode, QM is Quick Mode):
- MM Security Offer: AES128-SHA1-ECP256
- MM Authentication Method: Anonymous
- QM Policy: 3DES-SHA1; AES128-SHA1
- QM Authentication Method: NTLMv2
To configure an IPsec policy
On the networked computer you are trying to access, configure the following:
- Click Start, point to Administrative Tools, and then click Windows Firewall with Advanced Security.
- In the left pane, right-click Windows Firewall with Advanced Security and then select Properties.
- In the Windows Firewall with Advanced Security on Local Computer Properties window, select the IPsec Settings tab. Under the IPsec defaults section, click the Customize button.
  The Customize IPsec Settings window opens.
- In Customize IPsec Settings, under Key exchange (Main Mode), select Customize.
  The Customize Advanced Key Exchange Settings window opens.
- In the Key Exchange Algorithm section, select Elliptic Curve Diffie-Hellman P-256.
- In the Security Methods section, verify that the SHA1 (Integrity) AES-128 (Encryption) method is included in the list of security methods, and then click OK.
- In the left pane, right-click the Connection Security Rules node, and then select New Rule.
- In the New Connection Security Rule Wizard, select Custom, and then click Next.
- In the Endpoints section, add the IP addresses of the Windows PE computers (Endpoint 1) and the local computer (Endpoint 2), and then click Next.
- In the Requirements section, select the Require authentication for inbound and outbound connections option, and then click Next.
- In the Authentication Method section, select the Advanced option, and then click the Customize button.
- In Customize Advanced Authentication Methods, in the First authentication area, select the First authentication method is optional check box.
- In Customize Advanced Authentication Methods, in the Second authentication area, click Add, and then, in Second Authentication Method, select User (NTLMv2), click OK, and then click OK again.
  The New Connection Security Rule Wizard window opens.
- In the Profile window, select the profile to which this rule applies, and then click Next.
- In the Name window, enter a name and description for the rule, and then click Finish.
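The same policy built from PowerShell with the NetSecurity module, as an added example that is not part of the original topic: it is run on the networked computer and mirrors the steps above (Main Mode AES128/SHA1/ECP-256, anonymous first authentication, user NTLMv2 second authentication, and a rule requiring authentication between the two endpoints). The endpoint addresses and display names are assumed placeholders, and the -Anonymous and -Ntlm proposal switches are assumed to match the wizard's Anonymous and User (NTLMv2) choices.

```powershell
# Added example (not Microsoft's text): equivalent of the wizard steps above using the
# NetSecurity cmdlets. Run in an elevated PowerShell session on the networked computer.
$winPeClient = '192.0.2.10'      # assumed Endpoint 1 (Windows PE computer) - placeholder
$localHost   = '192.0.2.20'      # assumed Endpoint 2 (this computer) - placeholder

# Main Mode key exchange: AES128 encryption, SHA1 integrity, ECP-256 (DH group 19),
# matching the Windows PE default MM offer AES128-SHA1-ECP256. -Default makes it the
# Main Mode default, like "Customize" under Key exchange (Main Mode) in the UI.
$mmProposal = New-NetIPsecMainModeCryptoProposal -Encryption AES128 -Hash SHA1 -KeyExchange DH19
New-NetIPsecMainModeCryptoSet -DisplayName 'WinPE Main Mode' -Proposal $mmProposal -Default | Out-Null

# Quick Mode: ESP with SHA1 integrity and AES128 encryption (one of the Windows PE QM defaults).
$qmProposal = New-NetIPsecQuickModeCryptoProposal -Encapsulation ESP -ESPHash SHA1 -Encryption AES128
$qmSet = New-NetIPsecQuickModeCryptoSet -DisplayName 'WinPE Quick Mode' -Proposal $qmProposal

# First authentication: anonymous (the "First authentication method is optional" check box).
# Second authentication: user NTLMv2. Only the second step asserts an identity, so the
# connection's trust rests entirely on the NTLMv2 user authentication.
$p1 = New-NetIPsecAuthProposal -Machine -Anonymous          # assumed switch, see lead-in
$phase1 = New-NetIPsecPhase1AuthSet -DisplayName 'WinPE Phase1 (anonymous)' -Proposal $p1
$p2 = New-NetIPsecAuthProposal -User -Ntlm                  # assumed switch, see lead-in
$phase2 = New-NetIPsecPhase2AuthSet -DisplayName 'WinPE Phase2 (user NTLMv2)' -Proposal $p2

# Connection security rule: require authentication for inbound and outbound traffic
# between the two endpoints. Restricted to the Domain profile here; adjust -Profile to
# match the profile chosen in the wizard.
New-NetIPsecRule -DisplayName 'WinPE IPsec' `
    -LocalAddress $localHost -RemoteAddress $winPeClient `
    -InboundSecurity Require -OutboundSecurity Require `
    -Phase1AuthSet $phase1.Name -Phase2AuthSet $phase2.Name `
    -QuickModeCryptoSet $qmSet.Name -Profile Domain

# Verification once the Windows PE client has connected: a Main Mode and a Quick Mode
# security association should exist for the client address. An empty result means the
# policy did not negotiate and the rule or crypto sets should be re-checked.
Get-NetIPsecMainModeSA
Get-NetIPsecQuickModeSA
```

Because the policy scopes the rule to the listed endpoint addresses, any change to the Windows PE client's address requires updating -RemoteAddress on the rule, just as it would in the wizard's Endpoints section.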