There is no supported production method for manual keying in GUI or command
line for manual IPsec SAs in any release since Win2k. The IPv6 IPsec
implementation in XPSP2 and WS03 provided a method for testing IPsec using
manual IPsec SA configurations. But I remember reading somewhere that only
Vista & Server 2008 have "production" capable IPv6 implementation. The IPsec
GUI & command line for IPv6 in Vista does not support manual SAs.

However, you might check the Vista SDK Windows Firewall APIs for support of
APIs that can provide SPI, algorithms & keys for IPsec SAs. It might be
discussed as an API for an alternate IPsec keying module. I haven't looked
specifically for how to do this yet.

"Tinghua" wrote:

> Hi
>
> Could someone help on the manual keying issue! I did some search in
> Microsoft.com and find only one technical doc on how to configuring manual
> keying and the contents don't look complete. The article(using manual keying
> for link local connection) is
> http://technet2.microsoft.com/window...spx?mfr=trueat
>
> I was able to follw the article to configure the test.spd and test.sad
> files. But could not figure out the format of the key files. I tried to put
> only manul keying there in hexdecimal format or just follow the article to
> put "This is a test". I got error message saying Bad authenication algorithm
> value entry in the key file. I also tried to put some algorithm string in
> front of the key but failed with sma e error message.
> Thank you!
>
> Tinghua