Advanced IPSec features in Vista/Server 2003? - Network

This is a discussion on Advanced IPSec features in Vista/Server 2003? - Network ; So far I'm not seeing AES support. Can this be true? How can I find out if there is support for: IKEv2, Diffie-Hellman MODP group 5, SHA-2? Do I really have to go out and purchase a third-party tool from ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Advanced IPSec features in Vista/Server 2003?

  1. Advanced IPSec features in Vista/Server 2003?

    So far I'm not seeing AES support. Can this be true?

    How can I find out if there is support for: IKEv2, Diffie-Hellman MODP group
    5, SHA-2?

    Do I really have to go out and purchase a third-party tool from SafeNet or
    somebody to get these features?

  2. Re: Advanced IPSec features in Vista/Server 2003?

    AES is supported via the new Windows Firewall with Advanced Security snap in
    (WF.MSC) for transport mode IPsec utilization (renamed in the new snap in as
    'Connection Security RUles". IKEv2 and SHA-2 did not ship with Windows
    Vista.

    What is your use scenario? If you are doing a transport mode IPsec
    implementation you can use the new algo's on Windows Vista while also
    supporting the older algo's and negotiations to downlevel clients (Win2000 -
    Win2003)

    Jason


    "knokej" wrote in message
    news:2F28C685-B333-4526-98E5-C01AE8F9C7AA@microsoft.com...
    > So far I'm not seeing AES support. Can this be true?
    >
    > How can I find out if there is support for: IKEv2, Diffie-Hellman MODP
    > group
    > 5, SHA-2?
    >
    > Do I really have to go out and purchase a third-party tool from SafeNet or
    > somebody to get these features?



  3. Re: Advanced IPSec features in Vista/Server 2003?

    We are considering writing some IPsec VPN-like applications. We support
    peer-to-peer connections and multiple, simultaneous connections to different
    end-points. In previous years we have replaced the Windows IPsec with a
    third-party IPsec that provided more algorithms and options. We have
    government customers who want strong algorithms. I see that Suite-B
    algorithms are available for Vista, but I don't see if they are being used by
    Vista's IPsec.

    We have generally done tunneling, like most VPNs, maybe because its better
    at getting through NAT and firewalls.

    "Jason Popp [MS]" wrote:

    > AES is supported via the new Windows Firewall with Advanced Security snap in
    > (WF.MSC) for transport mode IPsec utilization (renamed in the new snap in as
    > 'Connection Security RUles". IKEv2 and SHA-2 did not ship with Windows
    > Vista.
    >
    > What is your use scenario? If you are doing a transport mode IPsec
    > implementation you can use the new algo's on Windows Vista while also
    > supporting the older algo's and negotiations to downlevel clients (Win2000 -
    > Win2003)
    >
    > Jason
    >
    >
    > "knokej" wrote in message
    > news:2F28C685-B333-4526-98E5-C01AE8F9C7AA@microsoft.com...
    > > So far I'm not seeing AES support. Can this be true?
    > >
    > > How can I find out if there is support for: IKEv2, Diffie-Hellman MODP
    > > group
    > > 5, SHA-2?
    > >
    > > Do I really have to go out and purchase a third-party tool from SafeNet or
    > > somebody to get these features?

    >
    >


+ Reply to Thread