Suggestions
- Select "Start" and type "MMC" in the search box.
- Press "Enter" or select "OK.Select the "File" menu and choose "Add/Remove Snap-In."
- Select "Add."
- Choose "IP Security Policy Management."
- Press "Add."
- Choose the computer on which you want to configure the Internet Key Exchange Security Protocol. Choose from the local computer, Active Directory domain, a different Active Directory domain or a different computer.
- Press "Finish," choose "Close" and select "OK."
- Double-click the IPSec policy you want to change.
- Select "Settings" from the "General" tab.
- Choose one of the following settings:"Master key perfect forward secrecy (PFS)" -- This setting re-authenticates users every time a new session key is needed.
"Authenticate and generate a new key after every number minutes" -- Select a set number of minutes for the server to wait to re-authenticate users.
"Authenticate and generate a new key after every number sessions" -- Select how many times a single key can be reused before re-authentication.
"Methods" -- Choose advanced settings and special requirements. - Press "Apply" to apply the settings.
- Press "OK" to exit the key configuration window.
Tips
- IKE can also be configured outside of a server. Cisco provides a complete guide to configuring IKE with command line prompts (see Resources).
- Only members of the Domain Admins group can edit policies within Active Directory.
The Executive Suite
______________________
No comments:
Post a Comment