From 39c6d7cf9c5f6c401019e3e1b4b7a1938b212345 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Fri, 2 Feb 2018 13:21:01 -0800 Subject: [PATCH] edits --- ...ure-diffie-hellman-protocol-over-ikev2-vpn-connections.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/access-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/access-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md index e89326d91c..24ef78f2b8 100644 --- a/windows/access-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md +++ b/windows/access-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md @@ -19,6 +19,8 @@ ms.date: 01/29/2018 In IKEv2 VPN connections, the default configuration for Diffie Hellman group is Group 2, which is not secure for IKE exchanges. To secure the connections, update the configuration of VPN servers and clients by running VPN cmdlets. +## VPN server + For VPN server, you need to configure the tunnel type. This makes all IKE exchanges on IKEv2 tunnel use the secure configuration. For example, on a site-to-site VPN server that runs Windows Server 2016, run [Set-VpnServerConfiguration](https://docs.microsoft.com/powershell/module/remoteaccess/set-vpnserverconfiguration?view=win10-ps): 
@@ -27,11 +29,12 @@ For example, on a site-to-site VPN server that runs Windows Server 2016, run [Se Set-VpnServerConfiguration -TunnelType IKEv2 -CustomPolicy ``` -On a VPN server that runs Windows Server 2012 R2, run [Set-VpnServerIPsecConfiguration](https://technet.microsoft.com/library/hh918373(v=wps.620).aspx): +On an earlier version of Windows Server, run [Set-VpnServerIPsecConfiguration](https://technet.microsoft.com/library/hh918373(v=wps.620).aspx): ```powershell Set-VpnServerIPsecConfiguration -CustomPolicy ``` +## VPN client For VPN client, you need to configure each VPN connection. For example, on a VPN client that runs Windows 10, run [Set-VpnConnectionIPsecConfiguration (version 4.0)](https://docs.microsoft.com/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=win10-ps) and specify the name of the connection:
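Review bot: In the first hunk (@@ -19,6 +19,8 @@), the paragraph that now sits under the new "## VPN server" heading never says which Diffie Hellman group the server ends up using, even though the intro above it calls the default Group 2 "not secure for IKE exchanges". Suggest adding one sentence under the heading that names the group the custom policy is meant to apply, plus a way to confirm the setting after the cmdlet runs, so an administrator can check that the server has actually moved off Group 2. Minor wording while this paragraph is being touched: "For VPN server, you need to configure the tunnel type" reads better as "For a VPN server, configure the tunnel type".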
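Review bot: In the second hunk (@@ -27,11 +29,12 @@), replacing "On a VPN server that runs Windows Server 2012 R2" with "On an earlier version of Windows Server" drops the only version information the reader had for choosing between Set-VpnServerConfiguration and Set-VpnServerIPsecConfiguration. Suggest naming the versions this cmdlet applies to, or keeping the explicit version and adding "or earlier" only if that has been confirmed, since a reader on an unlisted release cannot tell from "earlier" whether the command exists there and may leave the server on the Group 2 default. Style point in the same hunk: "## VPN client" is added without a blank line after it, so the heading runs directly into "For VPN client, you need to configure each VPN connection", while the "## VPN server" heading in the first hunk was added with a blank line after it; add the blank line for consistency.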