You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -644,7 +644,7 @@ Specifies that matching IPsec rules of the indicated key module are removed.
644
644
This parameter specifies which keying modules to negotiate.
645
645
The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2.
646
646
647
-
- Default: KeyModule is set based on the authentication method. As of Win11 24H2 and Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Server 2008.
647
+
- Default: KeyModule is set based on the authentication method. As of Windows 11, version 24H2 and Windows Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Windows Server 2008.
648
648
- AuthIP: Supported with phase 2 authentication.
649
649
- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only.
650
650
- IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only.
@@ -644,15 +644,12 @@ Specifies that matching IPsec rules of the indicated key module are removed.
644
644
This parameter specifies which keying modules to negotiate.
645
645
The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2.
646
646
647
-
- Default: Equivalent to both IKEv1 and AuthIP.
648
-
Required in order for the rule to be applied to computers running Windows versions prior to nextref_server_7.
649
-
---- There are authorization and cryptographic methods that are only compatible with certain keying modules.
650
-
This is a very advanced setting intended only for specific interoperability scenarios.
651
-
Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules there.
652
-
- AuthIP: Supported with phase 2 authentication.
653
-
- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos.
654
-
- IKEv2: Not supported with Kerberos, PSK, or NTLM.
655
-
Windows versions prior to Windows Server 2012 only support the Default configuration.
647
+
- Default: KeyModule is set based on the authentication method. As of Windows 11, version 24H2 and Windows Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Windows Server 2008.
648
+
- AuthIP: Supported with phase 2 authentication.
649
+
- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only.
650
+
- IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only.
651
+
652
+
The default value is Default. There are authentication and cryptographic methods that are only compatible with certain keying modules. This is a very advanced setting intended only for specific interoperability scenarios. Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules. Windows versions prior to Windows Server 2012 only support the Default configuration.
0 commit comments