| Item | Specification |
|---|---|
| Operating system | Windows Vista/7/8/Server 2008/Server 2012 |
| Connection mode | Transport mode |
| Key exchange protocol | IKEv1 (main mode) |
| Authentication method | Pre-shared key, Digital signature |
| Hash algorithm (and key length) | HMAC-SHA1-96, HMAC-SHA2 (256 bits or 384 bits) |
| Encryption algorithm (and key length) | 3DES-CBC, AES-CBC (128 bits, 192 bits, or 256 bits) |
| Key exchange algorithm/group (and key length) | Diffie-Hellman (DH): Group 1 (768 bits), Group 2 (1024 bits), Group 14 (2048 bits) |
| ESP: Hash algorithm | HMAC-SHA1-96 |
| ESP: Encryption algorithm (and key length) | 3DES-CBC, AES-CBC (128 bits, 192 bits, or 256 bits) |
| ESP: Hash algorithm/encryption algorithm (and key length) | AES-GCM (128 bits, 192 bits, or 256 bits) |
| AH: Hash algorithm | HMAC-SHA1-96 |

IPSec supports communication to a unicast address (or a single device).
The machine cannot use both IPSec and DHCPv6 at the same time.
IPSec is unavailable in networks in which NAT or IP masquerade is implemented.

| Item | Specification |
|---|---|
| Format | Key: PKCS#12 *1; CA certificate: X.509v1 or X.509v3, DER (encoded binary), PEM |
| File extension | Key: ".p12" or ".pfx"; CA certificate: ".cer" or ".pem" |
| Public key algorithm (and key length) | RSA (512 bits, 1024 bits, 2048 bits, or 4096 bits), ECDSA (P256, P384, P521) |
| Certificate signature algorithm | SHA1-RSA, SHA256-RSA, SHA384-RSA *2, SHA512-RSA *2, MD5-RSA, MD2-RSA, SHA1-ECDSA, SHA256-ECDSA, SHA384-ECDSA, or SHA512-ECDSA |
| Certificate thumbprint algorithm | SHA1 |

*1 Requirements for the certificate contained in a key are pursuant to CA certificates.
*2 SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024 bits or more.

The machine does not support use of a certificate revocation list (CRL).

| Category | Algorithms |
|---|---|
| Hash | MD4, MD5, SHA-1 |
| HMAC | HMAC-MD5 |
| Common key cryptosystem | RC2, RC4, DES |
| Public key cryptosystem | RSA encryption (512 bits/1024 bits), RSA signature (512 bits/1024 bits), DSA (512 bits/1024 bits), DH (512 bits/1024 bits) |

Even when <Prohibit Weak Encryp. Key/Cert.> is set to <On>, the hash algorithm SHA-1, which is used for signing a root certificate, can be used.