Additional Configuration Options for Protected Communication

Connection security rules support the following additional settings:

■ Ranges of IP addresses: You can now use numeric ranges such as 192.168.10.15 to 192.168.10.68.

■ For all wireless adapters: Wireless adapters are another interface type that you can specify for a rule.
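An added example (not from the book) showing both new settings in a single connection security rule created with netsh advfirewall, the command-line interface to Windows Firewall with Advanced Security. The rule name and the choice of Kerberos computer authentication are assumptions for illustration; the address range is the one the text cites.

```powershell
# Added example, not from the book. Requires an elevated prompt.
# A connection security rule that requires authenticated IPsec for inbound
# traffic from 192.168.10.15-192.168.10.68 (netsh writes ranges with a hyphen)
# and only evaluates the rule on wireless adapters (interfacetype=wireless).
# Assumed for illustration: the rule name and auth1=computerkerb.
netsh advfirewall consec add rule name="Wireless clients - require auth" `
    endpoint1="192.168.10.15-192.168.10.68" `
    endpoint2=any `
    interfacetype=wireless `
    action=requireinrequestout `
    auth1=computerkerb

# Read the rule back and check that the range and interface type you
# intended are what the firewall actually stored.
netsh advfirewall consec show rule name="Wireless clients - require auth"
```

The range and the comma-free values are quoted so that PowerShell passes each `key=value` token to netsh unchanged; `netsh advfirewall consec add rule ?` prints the full list of accepted values for `interfacetype`, `action` and `auth1` if your build differs.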


New Cryptographic Support

As the science of cryptography evolves, Microsoft continues to add support for newer, more robust algorithms to its operating systems. Windows Server 2008 and Windows Vista add support for the following algorithms for the master key material derived during main mode negotiation.

■ Diffie-Hellman (DH) Group 19: This is an elliptic curve algorithm using a 256-bit random curve group (NIST identifier P-256).

■ DH Group 20: This is an elliptic curve algorithm using a 384-bit random curve group (NIST identifier P-384).

Windows Server 2008 and Windows Vista now support these new data encryption algorithms:

■ Advanced Encryption Standard (AES) with cipher block chaining (CBC) and a 128-bit key size (AES 128)

■ AES with CBC and a 192-bit key size (AES 192)

■ AES with CBC and a 256-bit key size (AES 256)
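An added example (not from the book) that selects the elliptic curve DH groups for main mode key exchange and the AES-CBC suites for data protection through netsh advfirewall. In netsh the groups are named `ecdhp256` (DH Group 19, P-256) and `ecdhp384` (DH Group 20, P-384). The SHA-1 integrity algorithm, the key lifetimes, the rule name and the fallback suites are assumptions for illustration.

```powershell
# Added example, not from the book. Requires an elevated prompt.
# Main mode (key exchange): prefer ECDH P-384 and P-256 with AES-256, keep
# DH Group 2 with AES-128 last as a fallback for peers that lack EC support.
# The string is quoted so PowerShell does not split it on the commas.
# Assumed for illustration: SHA-1 as the integrity algorithm.
netsh advfirewall set global mainmode mmsecmethods `
    "ecdhp384:aes256-sha1,ecdhp256:aes256-sha1,dhgroup2:aes128-sha1"

# Data protection (quick mode) is set per connection security rule.
# This rule requests IPsec for all traffic and offers ESP with AES-256 first,
# AES-128 second, re-keying every 60 minutes or 100000 KB, with quick mode
# PFS on P-256. Assumed for illustration: rule name, lifetimes, auth1.
netsh advfirewall consec add rule name="Request AES protection" `
    endpoint1=any `
    endpoint2=any `
    action=requestinrequestout `
    auth1=computerkerb `
    qmsecmethods="esp:sha1-aes256+60min+100000kb,esp:sha1-aes128+60min+100000kb" `
    qmpfs=ecdhp256

# Show the global main mode settings and the rule to confirm the suites
# were accepted in the order you listed them.
netsh advfirewall show global
netsh advfirewall consec show rule name="Request AES protection"
```

Order matters in both lists: the first suite both peers support is the one negotiated, so the strongest suite goes first and the fallback last. Remove the `dhgroup2` and AES-128 entries once every peer has been confirmed to negotiate the EC groups, otherwise a downgrade to the weaker suite is still possible.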


Network Diagnostics Framework Support

IPsec now supports the Network Diagnostics Framework (NDF). NDF is an infrastructure and a set of built-in components that try to diagnose and fix connection issues automatically. When a problem arises, NDF offers to help the user determine what has gone wrong and repair the issue within the context in which the problem arose. That means that the messages from NDF are presented to the user in the application she was using when the problem arose.


Extended Events and Performance Monitor Counters

New IPsec-specific audit events have been added, and the text of existing events has been updated to include more useful information to assist you with troubleshooting IPsec-related problems. IPsec performance counters have also been added.


Expanded Authenticated Bypass

You can configure bypass rules so that connections from certain computers can bypass the other IPsec rules. This means that you can block the traffic from all hosts, but allow the authenticated computers to bypass the block. This is useful when you want to allow vulnerability scanners or other management tools to be able to access the protected hosts.
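An added example (not from the book) of the two pieces an authenticated bypass needs: a connection security rule that makes the management host authenticate with IPsec, and a firewall rule with `action=bypass` that admits only connections authenticated as a member of a given computer group. The scanner address, the rule names and the group SID are placeholders for illustration.

```powershell
# Added example, not from the book. Requires an elevated prompt.
# Placeholders for illustration: replace before use.
$ScannerIP = "192.0.2.10"                      # management/scanner host
$ScannerGroupSid = "S-1-5-21-PLACEHOLDER-1234"  # SID of the domain group
                                                 # containing the scanner accounts

# 1. Keep the default posture explicit: block unsolicited inbound traffic.
#    Quoted so PowerShell does not split the value on the comma.
netsh advfirewall set domainprofile firewallpolicy "blockinbound,allowoutbound"

# 2. Require IPsec authentication for anything arriving from the scanner, so
#    the firewall can learn which computer account is on the other end.
netsh advfirewall consec add rule name="Scanner - require auth" `
    endpoint1=any `
    endpoint2=$ScannerIP `
    action=requireinrequestout `
    auth1=computerkerb

# 3. Authenticated bypass: let inbound connections that authenticated as a
#    member of the scanner group through regardless of other block rules.
#    The SDDL string grants the group (CC) access; only that group matches.
netsh advfirewall firewall add rule name="Scanner - authenticated bypass" `
    dir=in `
    action=bypass `
    protocol=any `
    remoteip=$ScannerIP `
    security=authenticate `
    rmtcomputergrp="D:(A;;CC;;;$ScannerGroupSid)"

# Review both rules; an unauthenticated probe from the scanner address is
# still blocked, only the IPsec-authenticated group member bypasses the block.
netsh advfirewall consec show rule name="Scanner - require auth"
netsh advfirewall firewall show rule name="Scanner - authenticated bypass"
```

Scope the bypass as tightly as the scanner's job allows (`remoteip`, `protocol`, and the computer group) rather than granting it to a broad group; the bypass is only as trustworthy as the accounts in that group, so watch membership changes to it the same way you would watch a firewall exception.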