CHAPTER 7: CONFIGURING IP SECURITY
Creating a Security Policy
The process you use to create and enable a security policy will depend on your network environment requirements. The following is an example of one approach to creating a security policy.
Defining the Console
This sequence establishes the Console and defines its parameters.
To define the Console:
1 In the Windows taskbar, click Start, Programs, Accessories, and then Command Prompt.
2 At the DOS prompt, type MMC and press Enter.
The Console1 screen appears.
3 In the menu click Console and then Add/Remove Snap-in.
The Add/Remove Snap-in screen appears.
Encryption Type: Custom
Encryption Level: varies
Description (continued): This provides encryption and an extra authentication that includes the IP header. Custom allows you to select options for both AH and ESP, such as MD5/SHA-1 and DES/3DES. You can also select the rate at which new keys are negotiated. Microsoft uses IKE key exchange to renew keys every x seconds or y bytes. However, this practice carries very high computational overhead. Some users may set these values low and have frequent key updates. Users more concerned with performance will set these values higher. For more information, see the Microsoft documentation about creating IPSec flows.
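The following added example (not from this manual and not Microsoft's implementation) models the key-renewal trade-off described for the Custom setting by counting how often a key is renewed over a constructed one-hour traffic trace. It assumes a new key is negotiated as soon as either limit is reached; the limit values and the trace are hypothetical stand-ins for "x seconds or y bytes".

```python
# Added example (constructed data): a simplified model of lifetime-based
# rekeying, not Microsoft's IKE implementation.
# Assumption: a new key is negotiated as soon as EITHER the time limit or
# the byte limit is reached, and both counters restart at that moment.

def count_rekeys(trace, max_seconds, max_bytes):
    """trace: (second, bytes_sent) pairs sorted by time.
    Returns (time_triggered, byte_triggered) rekey counts."""
    by_time = by_bytes = 0
    key_start = trace[0][0] if trace else 0
    used = 0
    for ts, size in trace:
        if ts - key_start >= max_seconds:      # key is too old
            by_time += 1
            key_start, used = ts, 0
        used += size
        if used >= max_bytes:                  # key has protected too much data
            by_bytes += 1
            key_start, used = ts, 0
    return by_time, by_bytes

def build_trace():
    """Constructed one-hour trace: 100 kB/s baseline, 10 MB/s burst for 5 min."""
    return [(t, 10_000_000 if 1200 <= t < 1500 else 100_000) for t in range(3600)]

# Hypothetical settings standing in for the page's "x seconds or y bytes".
FREQUENT = {"max_seconds": 300, "max_bytes": 50_000_000}
RELAXED = {"max_seconds": 3600, "max_bytes": 1_000_000_000}

if __name__ == "__main__":
    trace = build_trace()
    for name, cfg in (("frequent", FREQUENT), ("relaxed", RELAXED)):
        t, b = count_rekeys(trace, **cfg)
        print(f"{name}: {t} time-triggered + {b} byte-triggered rekeys in one hour")
```

With the low limits, the burst alone forces a renegotiation every five seconds, which is where the overhead concentrates; the higher limits reduce negotiations but let each key protect far more data.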
You must complete all of the sequences in this section to establish and enable a security policy for transmitting and receiving encrypted data over the network.