A. By default IPSec will use Kerberos V5 protocol for its authentication method however there are other options:
- Windows 2000 Kerberos V5 protocol (the default)
- Use a certificate from a selected certificate authority
- Use a predefined string (a preshared key)
To modify an existing IPSec policy start the IP Security Policy MMC snap-in as seen in the previous FAQ and perform the following:
- Right click on the policy and select Properties from the context menu
- Select one of the security rules you wish to change the authentication
method for and click Edit
Click here to view image - Select the 'Authentication Methods' tab. The current authentication method will be shown, e.g. Kerberosby default. Select it and click Edit
- Select the preferred authentication method
- Click Apply then Close
- Close all dialogs
If the change was made on a domain Group Policy Object to force the change to take effect:
C:\> secedit /refreshpolicy machine_policy
0 comments
Hide comments