Configure IPSec support for Windows PE Client
This topic describes how to configure an IP Security (IPsec) network for Windows PE Clients. Windows PE supports IPsec protocol by default, but in some cases the computer you want to connect to will not allow a connection. You must configure the security policy to allow the Windows PE client to connect.
By default, Windows PE IPsec policy uses the following security and authentication methods:
- MM Security Offer: AES128-SHA1-ECP256;
- MM Authentication Method: Anonymous
- QM Policy: 3DES-SHA1; AES128-SHA1
- QM Authentication Method: NTLMv2
To configure an IPsec policy
- On the networked computer you are trying to access, configure the following:
- Click Start, point to Administrative Tools, and then click Windows Firewall with Advanced Security.
- In the left pane, right-click Windows Firewall with Advanced Security and then select Properties.
- On the Windows Firewall with Advanced Security on Local Computer Properties window, select the IPsec Settings Tab, under the IPsec defaults section, click the Customize button.
The Customize IPsec Settings window opens.
- In Customize IPsec Settings, in Key exchange (Main Mode), select Customize.
The Customize Advanced Key Exchange Settings window opens.
- In the Key Exchange Algorithm section, select Elliptical Curve Diffie-Hellman P-256.
- In the Security Methods section, verify that the SHA1 (Integrity) AES-128 (Encryption) method is included in the list of security methods, and then click OK.
- In the left pane, right-click the Connection Security Rule Node, and then select New Rule.
- In the New Connection Security Rule Wizard, select Custom, and then click Next.
- In the Endpoints section, add the IP addresses of the Windows PE machines (Endpoint 1) and the local machine (Endpoint 2), and then click Next.
- In the Requirements section, select Require Authentication for inbound and outbound connections option, and then click Next.
- In the Authentication Method section, select the Advanced option, and then click the Customize button.
- In Customize Advanced Authentication Methods, in the First authentication area, select the First Authentication Method is optional check box.
- In Customize Advanced Authentication Methods, in the Second authentication area, click Add., and then, in Second Authentication Method, select User (NTLMv2) option, click OK, and then click OK again.
The New Connection Security Rule Wizard window opens.
- In the Profile window, select the profile to which this rule applies, and then click Next.
- In the Name window, enter a name and description for the rule, and then click Finish.