deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-20 04:43:37 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into whfb-staging

Browse Source
This commit is contained in:
Mike Stephens
2018-02-23 06:22:34 -08:00
parent f0fb2acd7f 2109716896
commit d729864426
108 changed files with 2711 additions and 854 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
windows/security/identity-protection/TOC.md
View File

@ -67,6 +67,7 @@
### [VPN auto-triggered profile options](vpn\vpn-auto-trigger-profile.md)
### [VPN security features](vpn\vpn-security-features.md)
### [VPN profile options](vpn\vpn-profile-options.md)
### [How to configure Diffie Hellman protocol over IKEv2 VPN connections](vpn\how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md)
### [How to use single sign-on (SSO) over VPN and Wi-Fi connections](vpn\how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md)
### [Windows 10 credential theft mitigation guide abstract](windows-credential-theft-mitigation-guide-abstract.md)

44
windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md Normal file
View File

@ -0,0 +1,44 @@
---
title: How to configure Diffie Hellman protocol over IKEv2 VPN connections (Windows 10)
description: Explains how to secure VPN connections for Diffie Hellman Group 2
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security, networking
author: shortpatti
ms.author: pashort
ms.localizationpriority: medium
ms.date: 02/08/2018
---
# How to configure Diffie Hellman protocol over IKEv2 VPN connections
>Applies To: Windows Server (Semi-Annual Channel), Windows Server 2016, Windows 10
In IKEv2 VPN connections, the default configuration for Diffie Hellman group is Group 2, which is not secure for IKE exchanges.
To secure the connections, update the configuration of VPN servers and clients by running VPN cmdlets.
## VPN server
For VPN servers that run Windows Server 2012 R2 or later, you need to run [Set-VpnServerConfiguration](https://docs.microsoft.com/powershell/module/remoteaccess/set-vpnserverconfiguration?view=win10-ps) to configure the tunnel type. This makes all IKE exchanges on IKEv2 tunnel use the secure configuration.
```powershell
Set-VpnServerConfiguration -TunnelType IKEv2 -CustomPolicy
```
On an earlier versions of Windows Server, run [Set-VpnServerIPsecConfiguration](https://technet.microsoft.com/library/hh918373(v=wps.620).aspx). Since `Set-VpnServerIPsecConfiguration` doesnt have `-TunnelType`, the configuration applies to all tunnel types on the server.
```powershell
Set-VpnServerIPsecConfiguration -CustomPolicy
```
## VPN client
For VPN client, you need to configure each VPN connection.
For example, run [Set-VpnConnectionIPsecConfiguration (version 4.0)](https://docs.microsoft.com/powershell/module/vpnclient/set-vpnconnectionipsecconfiguration?view=win10-ps) and specify the name of the connection:
```powershell
Set-VpnConnectionIPsecConfiguration -ConnectionName <String>
```