The authentication method determines how the computers trust each other by specifying how they authenticate themselves. This self-authentication proves each computer's identity to the other when they try to establish a security association.
This section explains how to configure pre-shared key authentication. A pre-shared key is a text string that both sides of the IPsec communication, the sending computer and the receiving computer, must know to trust each other. This pre-shared key is not used to encrypt the application data. It is only used during negotiation to prove each computer's identity and establish a security association.
To configure the authentication method for the security rule:
- Select Use this string to protect this key exchange.
- In the text box below Use this string to protect this key exchange, enter ABC123 as the string. You must not use a blank string.
- Click Next.
- Ensure the Edit properties check box is not selected (this is the default setting), and then click Finish.
You have just configured the filter action that will be used during negotiations with your partner. You can reuse this filter action in other policies.
The Properties page appears.
- Click OK.
- For Security connect, select Negotiate security.
- In the Edit Security Method dialog box, select Integrity and encryption.
- Click OK.
You have successfully configured an IPsec policy on this Windows system.
Test Your Custom IPsec Policy
In the left pane of the MMC console on both computers, select IP Security Policies on Local Machine.
The folder named IP Security Policies on Local Machine/Computer is nested within the Local Computer Policy tree. To find the folder, double-click Local Computer Policy, double-click Computer Configuration, double-click Windows Settings, and then double-click Security Settings.
The new security policy Partner appears.
In the left-side navigation pane of the MMC console on this Windows system, double-click IP Security Monitor. Double-click Quick Mode, and then click Security Associations.
In the left pane of the MMC console on ComputerA, select IP Security Policies on Local Machine.
The Partner policy you just configured is listed in the right pane.
Right-click Partner, and then click Assign. The status in the Policy Assigned column changes from No to Yes.
On this Windows computer, open a command prompt window, type ping [partners-ip-address], and then press Enter. You should receive four successful replies.
At the MMC Console, check Security Associations under IP Security Monitor. Use the Refresh button from the MMC Console toolbar to see details of the Security Association currently in use, as well as statistics on the number of Authenticated and Confidential bytes transmitted.
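The same policy and test can be scripted with `netsh ipsec`, which makes it easier to apply identical settings on both computers. This is an added example, not part of the original walkthrough. The partner address, the filter list, filter action and rule names, the all-traffic filter, `soft=no`, and the ESP algorithm pair chosen for "Integrity and encryption" are assumptions.

```powershell
# Added example: scripted equivalent of the GUI steps. Run from an elevated prompt.
$PartnerIp    = '192.0.2.10'         # placeholder address; replace with your partner's IP
$Psk          = 'ABC123'             # the page's demo string; must match on both computers
$Policy       = 'Partner'            # policy name used on the page
$FilterList   = 'PartnerTraffic'     # hypothetical name
$FilterAction = 'NegotiateSecurity'  # hypothetical name
$Rule         = 'PartnerRule'        # hypothetical name

# The page requires a non-blank string; outside a lab, use a long random one.
if ([string]::IsNullOrWhiteSpace($Psk)) { throw 'The pre-shared key must not be blank.' }

# 1. Create the policy container.
netsh ipsec static add policy "name=$Policy"

# 2. Filter list: all IP traffic between this computer and the partner (assumed scope).
netsh ipsec static add filter "filterlist=$FilterList" srcaddr=me "dstaddr=$PartnerIp" `
    protocol=ANY mirrored=yes

# 3. Filter action: negotiate security with integrity and encryption.
#    ESP[3DES,SHA1] is an assumed mapping of the GUI choice; soft=no refuses
#    to fall back to unsecured traffic if negotiation fails (assumption).
netsh ipsec static add filteraction "name=$FilterAction" action=negotiate `
    inpass=no soft=no "qmsecmethods=ESP[3DES,SHA1]"

# 4. Rule: tie filter list and filter action together, authenticated by the pre-shared key.
netsh ipsec static add rule "name=$Rule" "policy=$Policy" "filterlist=$FilterList" `
    "filteraction=$FilterAction" "psk=$Psk"

# 5. Assign the policy (Policy Assigned changes from No to Yes).
netsh ipsec static set policy "name=$Policy" assign=yes

# 6. Test: generate traffic, then list the negotiated security associations.
ping $PartnerIp
netsh ipsec dynamic show mmsas all   # main mode SAs (authentication with the pre-shared key)
netsh ipsec dynamic show qmsas all   # quick mode SAs (what IP Security Monitor displays)
```

If the quick mode listing is empty after the ping, the two computers did not negotiate; compare the key string and security methods on both sides.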