Set-VpnConnectionIPsecConfiguration
Sets the IPsec parameters of a VPN connection.
Syntax
Default
Set-VpnConnectionIPsecConfiguration
[-ConnectionName] <String>
[-Force]
[-AllUserConnection]
[-RevertToDefault]
[-CimSession <CimSession[]>]
[-ThrottleLimit <Int32>]
[-AsJob]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
CustomPolicy
Set-VpnConnectionIPsecConfiguration
[-ConnectionName] <String>
[-AuthenticationTransformConstants] <AuthenticationTransformConstants>
[-CipherTransformConstants] <CipherTransformConstants>
[-EncryptionMethod] <EncryptionMethod>
[-IntegrityCheckMethod] <IntegrityCheckMethod>
[-PfsGroup] <PfsGroup>
[-DHGroup] <DHGroup>
[-PassThru]
[-Force]
[-AllUserConnection]
[-CimSession <CimSession[]>]
[-ThrottleLimit <Int32>]
[-AsJob]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Set-VpnConnectionIpsecConfiguration cmdlet sets the IPsec parameters of a VPN connection. The settings apply only to IKEv2 and L2TP VPN connections.
Examples
Example 1: Set the IPsec configuration for an IKEv2 tunnel
PS C:\> Add-VpnConnection -Name "Contoso" -ServerAddress 176.16.1.2 -TunnelType "Ikev2"
PS C:\> Set-VpnConnectionIPsecConfiguration -ConnectionName "Contoso" -AuthenticationTransformConstants None -CipherTransformConstants AES256 -EncryptionMethod AES256 -IntegrityCheckMethod SHA384 -PfsGroup None -DHGroup ECP384 -PassThru -Force
AuthenticationTransformConstants : None
CipherTransformConstants : AES256
DHGroup : ECP384
IntegrityCheckMethod : SHA384
PfsGroup : None
EncryptionMethod : AES256
This example sets the IPsec configuration for a VPN connection using IKEv2.
The first command uses the Add-VpnConnection cmdlet to add a VPN connection on the server with the address 176.16.1.2. The cmdlet specifies an IKEv2 tunnel.
The second command uses the Set-VpnConnectionIPsecConfiguration cmdlet to set the configuration by using the ConnectionName parameter. The command also specifies values for the CipherTransformConstants, EncryptionMethod, IntegrityCheckMethod, and DHGroup parameters.
Example 2: Set the IPsec configuration for an L2TP tunnel
PS C:\> Add-VpnConnection -Name "Contoso" -ServerAddress 176.16.1.2 -TunnelType "L2tp"
PS C:\> Set-VpnConnectionIPsecConfiguration -ConnectionName "Contoso" -AuthenticationTransformConstants None -CipherTransformConstants AES128 -EncryptionMethod AES128 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup ECP256 -PassThru -Force
AuthenticationTransformConstants : None
CipherTransformConstants : AES128
DHGroup : ECP256
IntegrityCheckMethod : SHA256
PfsGroup : None
EncryptionMethod : AES128
This example sets the IPsec configuration for an L2TP tunnel.
The first command uses Add-VpnConnection to add a VPN connection on the server with the address 176.16.1.2. The command also specifies an L2TP tunnel.
The second command uses Set-VpnConnectionIPsecConfiguration to set the configuration. The command also specifies values for the CipherTransformConstants, EncryptionMethod, IntegrityCheckMethod, and DHGroup parameters.
Example 3: Set the IPsec configuration for an IKEv2 tunnel with 128-bit data blocks
PS C:\>Add-VpnConnection -Name "Contoso" -ServerAddress 176.16.1.2 -TunnelType "Ikev2"
PS C:\> Set-VpnConnectionIPsecConfiguration -ConnectionName "Contoso" -AuthenticationTransformConstants GCMAES128 -CipherTransformConstants None -EncryptionMethod AES128 -IntegrityCheckMethod SHA256 -PfsGroup None -DHGroup ECP256 -PassThru -Force
AuthenticationTransformConstants : GCMAES128
CipherTransformConstants : None
DHGroup : ECP256
IntegrityCheckMethod : SHA256
PfsGroup : None
EncryptionMethod : AES128
This example sets the IPsec configuration for an IKEv2 tunnel with authentication transform constants.
The first command uses Add-VpnConnection to add a VPN connection on the server with the address 176.16.1.2. The cmdlet specifies an IKEv2 tunnel.
The second command uses Set-VpnConnectionIPsecConfiguration to set the configuration. The command also specifies values for the CipherTransformConstants, EncryptionMethod, IntegrityCheckMethod, and DHGroup parameters, as well as specifying a value for the AuthenticationTransformConstants parameter.
Example 4: Set the IPsec configuration for an IKEv2 tunnel with 256-bit data blocks
PS C:\>Add-VpnConnection -Name "Contoso" -ServerAddress 176.16.1.2 -TunnelType "Ikev2"
PS C:\> Set-VpnConnectionIPsecConfiguration -ConnectionName "Contoso" -AuthenticationTransformConstants GCMAES256 -CipherTransformConstants None -EncryptionMethod AES256 -IntegrityCheckMethod SHA384 -PfsGroup None -DHGroup ECP384 -PassThru -Force
AuthenticationTransformConstants : GCMAES256
CipherTransformConstants : None
DHGroup : ECP384
IntegrityCheckMethod : SHA384
PfsGroup : None
EncryptionMethod : AES256
This example sets the IPsec configuration for an IKEv2 tunnel, and specifies authentication transform constants.
The first command uses Add-VpnConnection to add a VPN connection on the server with the address 176.16.1.2. The cmdlet specifies an IKEv2 tunnel.
The second command uses Set-VpnConnectionIPsecConfiguration to set the configuration. The command also specifies values for the CipherTransformConstants, EncryptionMethod, IntegrityCheckMethod, and DHGroup parameters, as well as specifying a value for the AuthenticationTransformConstants parameter.
Parameters
-AllUserConnection
Indicates that the VPN connection being modified is in the global phone book.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-AsJob
Runs the cmdlet as a background job. Use this parameter to run commands that take a long time to complete.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-AuthenticationTransformConstants
Specifies authentication header (AH) transform in the IPsec policy. For more information, see the Set-VpnServerIPsecConfiguration cmdlet. The acceptable values for this parameter are:
- MD596
- SHA196
- SHA256128
- GCMAES128
- GCMAES192
- GCMAES256
- None
Parameter properties
| Type: | AuthenticationTransformConstants |
| Default value: | None |
| Accepted values: | MD596, SHA196, SHA256128, GCMAES128, GCMAES192, GCMAES256, None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CustomPolicy
| Position: | 2 |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-CimSession
Runs the cmdlet in a remote session or on a remote computer. Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet. The default is the current session on the local computer.
Parameter properties
| Type: | CimSession[] |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Session |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-CipherTransformConstants
Specifies Encapsulating Security Payload (ESP) cipher transform in the IPsec policy. Acceptable values for this parameter are:
- DES
- DES3
- AES128
- AES192
- AES256
- GCMAES128
- GCMAES192
- GCMAES256
- None
Parameter properties
| Type: | CipherTransformConstants |
| Default value: | None |
| Accepted values: | DES, DES3, AES128, AES192, AES256, GCMAES128, GCMAES192, GCMAES256, None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CustomPolicy
| Position: | 3 |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
| Type: | SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | cf |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ConnectionName
Specifies the name of a VPN connection profile to modify. To view existing VPN connection profiles, use the Get-VpnConnection cmdlet.
Parameter properties
| Type: | String |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | Name |
Parameter sets
(All)
| Position: | 1 |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-DHGroup
Specifies the Diffie-Hellman (DH) Group to use during IKE key exchanges. The acceptable values for this parameter are:
- None
- Group1
- Group2
- Group14
- ECP256
- ECP384
- Group24
Parameter properties
| Type: | DHGroup |
| Default value: | None |
| Accepted values: | None, Group1, Group2, Group14, ECP256, ECP384, Group24 |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CustomPolicy
| Position: | 4 |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-EncryptionMethod
Specifies the encryption method. The acceptable values for this parameter are:
- DES
- DES3
- AES128
- AES192
- AES256
- GCMAES128
- GCMAES256
Parameter properties
| Type: | EncryptionMethod |
| Default value: | None |
| Accepted values: | DES, DES3, AES128, AES192, AES256, GCMAES128, GCMAES256 |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CustomPolicy
| Position: | 5 |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-Force
Forces the command to run without asking for user confirmation.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-IntegrityCheckMethod
Specifies the integrity check method used to protect data from tampering. The acceptable values for this parameter are:
- MD5
- SHA1
- SHA256
- SHA384
Parameter properties
| Type: | IntegrityCheckMethod |
| Default value: | None |
| Accepted values: | MD5, SHA1, SHA256, SHA384 |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CustomPolicy
| Position: | 6 |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-PassThru
Returns an object representing the item with which you are working. By default, this cmdlet does not generate any output. If you specify this parameter, the cmdlet returns the VpnConnection object that contains the VpnConnection configuration settings.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CustomPolicy
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-PfsGroup
Specifies the Perfect Forwarding Secrecy (PFS) Group in the IPsec policy. The acceptable values for this parameter are:
- None
- PFS1
- PFS2
- PFS2048
- ECP256
- ECP384
- PFSMM
- PFS24
Parameter properties
| Type: | PfsGroup |
| Default value: | None |
| Accepted values: | None, PFS1, PFS2, PFS2048, ECP256, ECP384, PFSMM, PFS24 |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
CustomPolicy
| Position: | 7 |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | True |
| Value from remaining arguments: | False |
-RevertToDefault
Indicates that the cmdlet sets the IPsec parameters to the default values.
Parameter properties
| Type: | SwitchParameter |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
Default
| Position: | 2 |
| Mandatory: | True |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-ThrottleLimit
Specifies the maximum number of concurrent operations that can be established to run the cmdlet.
If this parameter is omitted or a value of 0 is entered, then Windows PowerShell® calculates an optimum throttle limit for the cmdlet based on the number of CIM cmdlets that are running on the computer.
The throttle limit applies only to the current cmdlet, not to the session or to the computer.
Parameter properties
| Type: | Int32 |
| Default value: | None |
| Supports wildcards: | False |
| DontShow: | False |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Parameter properties
| Type: | SwitchParameter |
| Default value: | False |
| Supports wildcards: | False |
| DontShow: | False |
| Aliases: | wi |
Parameter sets
(All)
| Position: | Named |
| Mandatory: | False |
| Value from pipeline: | False |
| Value from pipeline by property name: | False |
| Value from remaining arguments: | False |
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.