From 284c123f4f439a31767b49679596c48586083739 Mon Sep 17 00:00:00 2001 From: brandyking <102766995+brandyking@users.noreply.github.com> Date: Fri, 14 Feb 2025 16:40:21 -0500 Subject: [PATCH 01/14] Update Copy-NetIPsecRule.md Updating the details in -KeyModule parameter to reflect changes in the code for how this value is set. --- .../winserver2022-ps/netsecurity/Copy-NetIPsecRule.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docset/winserver2022-ps/netsecurity/Copy-NetIPsecRule.md b/docset/winserver2022-ps/netsecurity/Copy-NetIPsecRule.md index 8bb26418ea..e3a9bcb717 100644 --- a/docset/winserver2022-ps/netsecurity/Copy-NetIPsecRule.md +++ b/docset/winserver2022-ps/netsecurity/Copy-NetIPsecRule.md @@ -706,11 +706,11 @@ Specifies that matching IPsec rules of the indicated key module are copied. This parameter specifies which keying modules to negotiate. The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2. -- Default: Equivalent to both IKEv1 and AuthIP. -Required in order for the rule to be applied to computers running Windows versions prior to nextref_server_7. +- Default: KeyModule is set based on the authentication method. As of Win11 24H2 and Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Server 2008. - AuthIP: Supported with phase 2 authentication. -- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. -- IKEv2: Not supported with Kerberos, PSK, or NTLM. +- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only. +- IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only. + The default value is Default. There are authentication and cryptographic methods that are only compatible with certain keying modules. This is a very advanced setting intended only for specific interoperability scenarios. @@ -725,7 +725,7 @@ Accepted values: Default, IKEv1, AuthIP, IKEv2 Required: False Position: Named -Default value: None +Default value: Default Accept pipeline input: False Accept wildcard characters: False ``` From 677b5676ed9462cd3e24c0158e9d8ca74d89f034 Mon Sep 17 00:00:00 2001 From: brandyking <102766995+brandyking@users.noreply.github.com> Date: Fri, 14 Feb 2025 16:47:29 -0500 Subject: [PATCH 02/14] Update Disable-NetIPsecRule.md Updating the details in -KeyModule parameter to reflect changes in the code for how this value is set. --- .../netsecurity/Disable-NetIPsecRule.md | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/docset/winserver2022-ps/netsecurity/Disable-NetIPsecRule.md b/docset/winserver2022-ps/netsecurity/Disable-NetIPsecRule.md index 067600c75b..446b131d85 100644 --- a/docset/winserver2022-ps/netsecurity/Disable-NetIPsecRule.md +++ b/docset/winserver2022-ps/netsecurity/Disable-NetIPsecRule.md @@ -638,15 +638,12 @@ Accept wildcard characters: False Specifies that matching IPsec rules of the indicated key module are disabled. This parameter specifies which keying modules to negotiate. The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2. -- Default: Equivalent to both IKEv1 and AuthIP. -Required in order for the rule to be applied to computers running Windows versions prior to nextref_server_7. ----- There are authorization and cryptographic methods that are only compatible with certain keying modules. -This is a very advanced setting intended only for specific interoperability scenarios. -Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules there. +- Default: KeyModule is set based on the authentication method. As of Win11 24H2 and Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Server 2008. - AuthIP: Supported with phase 2 authentication. -- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. -- IKEv2: Not supported with Kerberos, PSK, or NTLM. -Windows versions prior to Windows Server 2012 only support the Default configuration. +- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only. +- IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only. + +The default value is Default. There are authentication and cryptographic methods that are only compatible with certain keying modules. This is a very advanced setting intended only for specific interoperability scenarios. Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules. Windows versions prior to Windows Server 2012 only support the Default configuration. ```yaml Type: KeyModule[] @@ -656,7 +653,7 @@ Accepted values: Default, IKEv1, AuthIP, IKEv2 Required: False Position: Named -Default value: None +Default value: Default Accept pipeline input: False Accept wildcard characters: False ``` From 836ea9afcdde432aec7f010f6e001df30245ba66 Mon Sep 17 00:00:00 2001 From: brandyking <102766995+brandyking@users.noreply.github.com> Date: Fri, 14 Feb 2025 16:49:23 -0500 Subject: [PATCH 03/14] Update Enable-NetIPsecRule.md Updating the details in -KeyModule parameter to reflect changes in the code for how this value is set, and set this information to be consistent across all the relevant documentation pages that reference it. --- .../netsecurity/Enable-NetIPsecRule.md | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/docset/winserver2022-ps/netsecurity/Enable-NetIPsecRule.md b/docset/winserver2022-ps/netsecurity/Enable-NetIPsecRule.md index 7294328085..1fd707b9b7 100644 --- a/docset/winserver2022-ps/netsecurity/Enable-NetIPsecRule.md +++ b/docset/winserver2022-ps/netsecurity/Enable-NetIPsecRule.md @@ -629,15 +629,12 @@ Specifies that matching IPsec rules of the indicated key module are enabled. This parameter specifies which keying modules to negotiate. The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2. -- Default: Equivalent to both IKEv1 and AuthIP. -Required in order for the rule to be applied to computers running Windows versions prior to nextref_server_7. ----- There are authorization and cryptographic methods that are only compatible with certain keying modules. -This is a very advanced setting intended only for specific interoperability scenarios. -Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules there. +- Default: KeyModule is set based on the authentication method. As of Win11 24H2 and Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Server 2008. - AuthIP: Supported with phase 2 authentication. -- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. -- IKEv2: Not supported with Kerberos, PSK, or NTLM. -Windows versions prior to Windows Server 2012 only support the Default configuration. +- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only. +- IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only. + +The default value is Default. There are authentication and cryptographic methods that are only compatible with certain keying modules. This is a very advanced setting intended only for specific interoperability scenarios. Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules. Windows versions prior to Windows Server 2012 only support the Default configuration. ```yaml Type: KeyModule[] @@ -647,7 +644,7 @@ Accepted values: Default, IKEv1, AuthIP, IKEv2 Required: False Position: Named -Default value: None +Default value: Default Accept pipeline input: False Accept wildcard characters: False ``` From 19edf932c3cef097551d251a007be2ec90730e45 Mon Sep 17 00:00:00 2001 From: brandyking <102766995+brandyking@users.noreply.github.com> Date: Fri, 14 Feb 2025 16:51:13 -0500 Subject: [PATCH 04/14] Update Get-NetIPsecRule.md Updating the details in -KeyModule parameter to reflect changes in the code for how this value is set, and set this information to be consistent across all the relevant documentation pages that reference it. --- .../netsecurity/Get-NetIPsecRule.md | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/docset/winserver2022-ps/netsecurity/Get-NetIPsecRule.md b/docset/winserver2022-ps/netsecurity/Get-NetIPsecRule.md index e024fbf11b..89166e7000 100644 --- a/docset/winserver2022-ps/netsecurity/Get-NetIPsecRule.md +++ b/docset/winserver2022-ps/netsecurity/Get-NetIPsecRule.md @@ -600,15 +600,12 @@ Specifies that matching IPsec rules of the indicated key module are retrieved. This parameter specifies which keying modules to negotiate. The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2. -- Default: Equivalent to both IKEv1 and AuthIP. -Required in order for the rule to be applied to computers running Windows versions prior to nextref_server_7. ----- There are authorization and cryptographic methods that are only compatible with certain keying modules. -This is a very advanced setting intended only for specific interoperability scenarios. -Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules there. +- Default: KeyModule is set based on the authentication method. As of Win11 24H2 and Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Server 2008. - AuthIP: Supported with phase 2 authentication. -- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. -- IKEv2: Not supported with Kerberos, PSK, or NTLM. -Windows versions prior to Windows Server 2012 only support the Default configuration. +- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only. +- IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only. + +The default value is Default. There are authentication and cryptographic methods that are only compatible with certain keying modules. This is a very advanced setting intended only for specific interoperability scenarios. Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules. Windows versions prior to Windows Server 2012 only support the Default configuration. ```yaml Type: KeyModule[] @@ -618,7 +615,7 @@ Accepted values: Default, IKEv1, AuthIP, IKEv2 Required: False Position: Named -Default value: None +Default value: Default Accept pipeline input: False Accept wildcard characters: False ``` From 214d18b629fdb5ec9253cc4625b1546b4de31bb2 Mon Sep 17 00:00:00 2001 From: brandyking <102766995+brandyking@users.noreply.github.com> Date: Fri, 14 Feb 2025 16:53:00 -0500 Subject: [PATCH 05/14] Update New-NetIPsecRule.md Updating the details in -KeyModule parameter to reflect changes in the code for how this value is set, and set this information to be consistent across all the relevant documentation pages that reference it. --- .../netsecurity/New-NetIPsecRule.md | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/docset/winserver2022-ps/netsecurity/New-NetIPsecRule.md b/docset/winserver2022-ps/netsecurity/New-NetIPsecRule.md index 57f2e6cc4d..8bedc5c6c6 100644 --- a/docset/winserver2022-ps/netsecurity/New-NetIPsecRule.md +++ b/docset/winserver2022-ps/netsecurity/New-NetIPsecRule.md @@ -425,15 +425,12 @@ Specifies that matching IPsec rules of the indicated key module are created. This parameter specifies which keying modules to negotiate. The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2. -- Default: Equivalent to both IKEv1 and AuthIP. -Required in order for the rule to be applied to computers running Windows versions prior to nextref_server_7. ----- There are authorization and cryptographic methods that are only compatible with certain keying modules. -This is a very advanced setting intended only for specific interoperability scenarios. -Overriding this parameter value may result in traffic being sent in plain-text if the authentication and cryptographic settings are not supported by the keying modules there. +- Default: KeyModule is set based on the authentication method. As of Win11 24H2 and Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Server 2008. - AuthIP: Supported with phase 2 authentication. -- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. -- IKEv2: Not supported with Kerberos, PSK, or NTLM. -Windows versions prior to Windows Server 2012 only support the Default configuration. +- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only. +- IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only. + +The default value is Default. There are authentication and cryptographic methods that are only compatible with certain keying modules. This is a very advanced setting intended only for specific interoperability scenarios. Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules. Windows versions prior to Windows Server 2012 only support the Default configuration. ```yaml Type: KeyModule @@ -443,7 +440,7 @@ Accepted values: Default, IKEv1, AuthIP, IKEv2 Required: False Position: Named -Default value: None +Default value: Default Accept pipeline input: False Accept wildcard characters: False ``` From e974fd2bb8f0f3f8369ff40fc0135362a6b966b5 Mon Sep 17 00:00:00 2001 From: brandyking <102766995+brandyking@users.noreply.github.com> Date: Fri, 14 Feb 2025 16:54:44 -0500 Subject: [PATCH 06/14] Update Remove-NetIPsecRule.md Updating the details in -KeyModule parameter to reflect changes in the code for how this value is set, and set this information to be consistent across all the relevant documentation pages that reference it. --- .../netsecurity/Remove-NetIPsecRule.md | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/docset/winserver2022-ps/netsecurity/Remove-NetIPsecRule.md b/docset/winserver2022-ps/netsecurity/Remove-NetIPsecRule.md index 2112a3f5df..3387c25030 100644 --- a/docset/winserver2022-ps/netsecurity/Remove-NetIPsecRule.md +++ b/docset/winserver2022-ps/netsecurity/Remove-NetIPsecRule.md @@ -644,15 +644,12 @@ Specifies that matching IPsec rules of the indicated key module are removed. This parameter specifies which keying modules to negotiate. The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2. -- Default: Equivalent to both IKEv1 and AuthIP. -Required in order for the rule to be applied to computers running Windows versions prior to nextref_server_7. ----- There are authorization and cryptographic methods that are only compatible with certain keying modules. -This is a very advanced setting intended only for specific interoperability scenarios. -Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules there. +- Default: KeyModule is set based on the authentication method. As of Win11 24H2 and Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Server 2008. - AuthIP: Supported with phase 2 authentication. -- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. -- IKEv2: Not supported with Kerberos, PSK, or NTLM. -Windows versions prior to Windows Server 2012 only support the Default configuration. +- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only. +- IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only. + +The default value is Default. There are authentication and cryptographic methods that are only compatible with certain keying modules. This is a very advanced setting intended only for specific interoperability scenarios. Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules. Windows versions prior to Windows Server 2012 only support the Default configuration. ```yaml Type: KeyModule[] @@ -662,7 +659,7 @@ Accepted values: Default, IKEv1, AuthIP, IKEv2 Required: False Position: Named -Default value: None +Default value: Default Accept pipeline input: False Accept wildcard characters: False ``` From bb01fba0500de49cbf7d78879cf3c9f4d51a935c Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 3 Mar 2025 13:52:47 -0800 Subject: [PATCH 07/14] add to 2025, edits --- .../netsecurity/Remove-NetIPsecRule.md | 4 ++-- .../netsecurity/Remove-NetIPsecRule.md | 19 ++++++++----------- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/docset/winserver2022-ps/netsecurity/Remove-NetIPsecRule.md b/docset/winserver2022-ps/netsecurity/Remove-NetIPsecRule.md index 3387c25030..5833a204ed 100644 --- a/docset/winserver2022-ps/netsecurity/Remove-NetIPsecRule.md +++ b/docset/winserver2022-ps/netsecurity/Remove-NetIPsecRule.md @@ -2,7 +2,7 @@ description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. external help file: NetIPsecRule.cmdletDefinition.cdxml-help.xml Module Name: NetSecurity -ms.date: 12/27/2016 +ms.date: 03/03/2025 online version: https://learn.microsoft.com/powershell/module/netsecurity/remove-netipsecrule?view=windowsserver2022-ps&wt.mc_id=ps-gethelp schema: 2.0.0 title: Remove-NetIPsecRule @@ -644,7 +644,7 @@ Specifies that matching IPsec rules of the indicated key module are removed. This parameter specifies which keying modules to negotiate. The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2. -- Default: KeyModule is set based on the authentication method. As of Win11 24H2 and Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Server 2008. +- Default: KeyModule is set based on the authentication method. As of Windows 11, version 24H2 and Windows Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Windows Server 2008. - AuthIP: Supported with phase 2 authentication. - IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only. - IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only. diff --git a/docset/winserver2025-ps/netsecurity/Remove-NetIPsecRule.md b/docset/winserver2025-ps/netsecurity/Remove-NetIPsecRule.md index 8e6e69cdc5..61c7db49f6 100644 --- a/docset/winserver2025-ps/netsecurity/Remove-NetIPsecRule.md +++ b/docset/winserver2025-ps/netsecurity/Remove-NetIPsecRule.md @@ -2,7 +2,7 @@ description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. external help file: NetIPsecRule.cmdletDefinition.cdxml-help.xml Module Name: NetSecurity -ms.date: 12/27/2016 +ms.date: 03/03/2025 online version: https://learn.microsoft.com/powershell/module/netsecurity/remove-netipsecrule?view=windowsserver2025-ps&wt.mc_id=ps-gethelp schema: 2.0.0 title: Remove-NetIPsecRule @@ -644,15 +644,12 @@ Specifies that matching IPsec rules of the indicated key module are removed. This parameter specifies which keying modules to negotiate. The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2. -- Default: Equivalent to both IKEv1 and AuthIP. -Required in order for the rule to be applied to computers running Windows versions prior to nextref_server_7. ----- There are authorization and cryptographic methods that are only compatible with certain keying modules. -This is a very advanced setting intended only for specific interoperability scenarios. -Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules there. -- AuthIP: Supported with phase 2 authentication. -- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. -- IKEv2: Not supported with Kerberos, PSK, or NTLM. -Windows versions prior to Windows Server 2012 only support the Default configuration. +- Default: KeyModule is set based on the authentication method. As of Windows 11, version 24H2 and Windows Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Windows Server 2008. +- AuthIP: Supported with phase 2 authentication. +- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only. +- IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only. + +The default value is Default. There are authentication and cryptographic methods that are only compatible with certain keying modules. This is a very advanced setting intended only for specific interoperability scenarios. Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules. Windows versions prior to Windows Server 2012 only support the Default configuration. ```yaml Type: KeyModule[] @@ -662,7 +659,7 @@ Accepted values: Default, IKEv1, AuthIP, IKEv2 Required: False Position: Named -Default value: None +Default value: Default Accept pipeline input: False Accept wildcard characters: False ``` From 9355588d053c6b07de41a8f336d9b82eeef05a68 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 3 Mar 2025 13:57:29 -0800 Subject: [PATCH 08/14] add to 2025, edits --- .../netsecurity/New-NetIPsecRule.md | 4 ++-- .../netsecurity/New-NetIPsecRule.md | 19 ++++++++----------- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/docset/winserver2022-ps/netsecurity/New-NetIPsecRule.md b/docset/winserver2022-ps/netsecurity/New-NetIPsecRule.md index 8bedc5c6c6..705c9be501 100644 --- a/docset/winserver2022-ps/netsecurity/New-NetIPsecRule.md +++ b/docset/winserver2022-ps/netsecurity/New-NetIPsecRule.md @@ -2,7 +2,7 @@ description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. external help file: NetIPsecRule.cmdletDefinition.cdxml-help.xml Module Name: NetSecurity -ms.date: 12/27/2016 +ms.date: 03/03/2025 online version: https://learn.microsoft.com/powershell/module/netsecurity/new-netipsecrule?view=windowsserver2022-ps&wt.mc_id=ps-gethelp schema: 2.0.0 title: New-NetIPsecRule @@ -425,7 +425,7 @@ Specifies that matching IPsec rules of the indicated key module are created. This parameter specifies which keying modules to negotiate. The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2. -- Default: KeyModule is set based on the authentication method. As of Win11 24H2 and Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Server 2008. +- Default: KeyModule is set based on the authentication method. As of Windows 11, version 24H2 and Windows Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Windows Server 2008. - AuthIP: Supported with phase 2 authentication. - IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only. - IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only. diff --git a/docset/winserver2025-ps/netsecurity/New-NetIPsecRule.md b/docset/winserver2025-ps/netsecurity/New-NetIPsecRule.md index c9184cba0a..05ff0d65c8 100644 --- a/docset/winserver2025-ps/netsecurity/New-NetIPsecRule.md +++ b/docset/winserver2025-ps/netsecurity/New-NetIPsecRule.md @@ -2,7 +2,7 @@ description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. external help file: NetIPsecRule.cmdletDefinition.cdxml-help.xml Module Name: NetSecurity -ms.date: 12/27/2016 +ms.date: 03/03/2025 online version: https://learn.microsoft.com/powershell/module/netsecurity/new-netipsecrule?view=windowsserver2025-ps&wt.mc_id=ps-gethelp schema: 2.0.0 title: New-NetIPsecRule @@ -425,15 +425,12 @@ Specifies that matching IPsec rules of the indicated key module are created. This parameter specifies which keying modules to negotiate. The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2. -- Default: Equivalent to both IKEv1 and AuthIP. -Required in order for the rule to be applied to computers running Windows versions prior to nextref_server_7. ----- There are authorization and cryptographic methods that are only compatible with certain keying modules. -This is a very advanced setting intended only for specific interoperability scenarios. -Overriding this parameter value may result in traffic being sent in plain-text if the authentication and cryptographic settings are not supported by the keying modules there. -- AuthIP: Supported with phase 2 authentication. -- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. -- IKEv2: Not supported with Kerberos, PSK, or NTLM. -Windows versions prior to Windows Server 2012 only support the Default configuration. +- Default: KeyModule is set based on the authentication method. As of Windows 11, version 24H2 and Windows Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Windows Server 2008. +- AuthIP: Supported with phase 2 authentication. +- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only. +- IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only. + +The default value is Default. There are authentication and cryptographic methods that are only compatible with certain keying modules. This is a very advanced setting intended only for specific interoperability scenarios. Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules. Windows versions prior to Windows Server 2012 only support the Default configuration. ```yaml Type: KeyModule @@ -443,7 +440,7 @@ Accepted values: Default, IKEv1, AuthIP, IKEv2 Required: False Position: Named -Default value: None +Default value: Default Accept pipeline input: False Accept wildcard characters: False ``` From 19183441d5d97ea1fd5e7fe9b8f1fb157c377a10 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 3 Mar 2025 14:08:30 -0800 Subject: [PATCH 09/14] add to 2025, edits --- .../netsecurity/Get-NetIPsecRule.md | 4 ++-- .../netsecurity/Get-NetIPsecRule.md | 19 ++++++++----------- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/docset/winserver2022-ps/netsecurity/Get-NetIPsecRule.md b/docset/winserver2022-ps/netsecurity/Get-NetIPsecRule.md index 89166e7000..5ed9ec1eac 100644 --- a/docset/winserver2022-ps/netsecurity/Get-NetIPsecRule.md +++ b/docset/winserver2022-ps/netsecurity/Get-NetIPsecRule.md @@ -2,7 +2,7 @@ description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. external help file: NetIPsecRule.cmdletDefinition.cdxml-help.xml Module Name: NetSecurity -ms.date: 12/27/2016 +ms.date: 03/03/2025 online version: https://learn.microsoft.com/powershell/module/netsecurity/get-netipsecrule?view=windowsserver2022-ps&wt.mc_id=ps-gethelp schema: 2.0.0 title: Get-NetIPsecRule @@ -600,7 +600,7 @@ Specifies that matching IPsec rules of the indicated key module are retrieved. This parameter specifies which keying modules to negotiate. The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2. -- Default: KeyModule is set based on the authentication method. As of Win11 24H2 and Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Server 2008. +- Default: KeyModule is set based on the authentication method. As of Windows 11, version 24H2 and Windows Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Windows Server 2008. - AuthIP: Supported with phase 2 authentication. - IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only. - IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only. diff --git a/docset/winserver2025-ps/netsecurity/Get-NetIPsecRule.md b/docset/winserver2025-ps/netsecurity/Get-NetIPsecRule.md index 38e04d5722..1dff7f0ff5 100644 --- a/docset/winserver2025-ps/netsecurity/Get-NetIPsecRule.md +++ b/docset/winserver2025-ps/netsecurity/Get-NetIPsecRule.md @@ -2,7 +2,7 @@ description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. external help file: NetIPsecRule.cmdletDefinition.cdxml-help.xml Module Name: NetSecurity -ms.date: 12/27/2016 +ms.date: 03/03/2025 online version: https://learn.microsoft.com/powershell/module/netsecurity/get-netipsecrule?view=windowsserver2025-ps&wt.mc_id=ps-gethelp schema: 2.0.0 title: Get-NetIPsecRule @@ -600,15 +600,12 @@ Specifies that matching IPsec rules of the indicated key module are retrieved. This parameter specifies which keying modules to negotiate. The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2. -- Default: Equivalent to both IKEv1 and AuthIP. -Required in order for the rule to be applied to computers running Windows versions prior to nextref_server_7. ----- There are authorization and cryptographic methods that are only compatible with certain keying modules. -This is a very advanced setting intended only for specific interoperability scenarios. -Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules there. -- AuthIP: Supported with phase 2 authentication. -- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. -- IKEv2: Not supported with Kerberos, PSK, or NTLM. -Windows versions prior to Windows Server 2012 only support the Default configuration. +- Default: KeyModule is set based on the authentication method. As of Windows 11, version 24H2 and Windows Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Windows Server 2008. +- AuthIP: Supported with phase 2 authentication. +- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only. +- IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only. + +The default value is Default. There are authentication and cryptographic methods that are only compatible with certain keying modules. This is a very advanced setting intended only for specific interoperability scenarios. Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules. Windows versions prior to Windows Server 2012 only support the Default configuration. ```yaml Type: KeyModule[] @@ -618,7 +615,7 @@ Accepted values: Default, IKEv1, AuthIP, IKEv2 Required: False Position: Named -Default value: None +Default value: Default Accept pipeline input: False Accept wildcard characters: False ``` From f5fa47e2ba7b6726fe1e1feb785a113ce1551117 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 3 Mar 2025 14:12:13 -0800 Subject: [PATCH 10/14] add to 2025, edits --- .../netsecurity/Enable-NetIPsecRule.md | 4 ++-- .../netsecurity/Enable-NetIPsecRule.md | 19 ++++++++----------- 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/docset/winserver2022-ps/netsecurity/Enable-NetIPsecRule.md b/docset/winserver2022-ps/netsecurity/Enable-NetIPsecRule.md index 1fd707b9b7..534558280d 100644 --- a/docset/winserver2022-ps/netsecurity/Enable-NetIPsecRule.md +++ b/docset/winserver2022-ps/netsecurity/Enable-NetIPsecRule.md @@ -2,7 +2,7 @@ description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. external help file: NetIPsecRule.cmdletDefinition.cdxml-help.xml Module Name: NetSecurity -ms.date: 12/27/2016 +ms.date: 03/03/2025 online version: https://learn.microsoft.com/powershell/module/netsecurity/enable-netipsecrule?view=windowsserver2022-ps&wt.mc_id=ps-gethelp schema: 2.0.0 title: Enable-NetIPsecRule @@ -629,7 +629,7 @@ Specifies that matching IPsec rules of the indicated key module are enabled. This parameter specifies which keying modules to negotiate. The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2. -- Default: KeyModule is set based on the authentication method. As of Win11 24H2 and Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Server 2008. +- Default: KeyModule is set based on the authentication method. As of Windows 11, version 24H2 and Windows Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Windows Server 2008. - AuthIP: Supported with phase 2 authentication. - IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only. - IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only. diff --git a/docset/winserver2025-ps/netsecurity/Enable-NetIPsecRule.md b/docset/winserver2025-ps/netsecurity/Enable-NetIPsecRule.md index cbd53f7b80..e8bdde03bd 100644 --- a/docset/winserver2025-ps/netsecurity/Enable-NetIPsecRule.md +++ b/docset/winserver2025-ps/netsecurity/Enable-NetIPsecRule.md @@ -2,7 +2,7 @@ description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. external help file: NetIPsecRule.cmdletDefinition.cdxml-help.xml Module Name: NetSecurity -ms.date: 12/27/2016 +ms.date: 103/03/2025 online version: https://learn.microsoft.com/powershell/module/netsecurity/enable-netipsecrule?view=windowsserver2025-ps&wt.mc_id=ps-gethelp schema: 2.0.0 title: Enable-NetIPsecRule @@ -629,15 +629,12 @@ Specifies that matching IPsec rules of the indicated key module are enabled. This parameter specifies which keying modules to negotiate. The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2. -- Default: Equivalent to both IKEv1 and AuthIP. -Required in order for the rule to be applied to computers running Windows versions prior to nextref_server_7. ----- There are authorization and cryptographic methods that are only compatible with certain keying modules. -This is a very advanced setting intended only for specific interoperability scenarios. -Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules there. -- AuthIP: Supported with phase 2 authentication. -- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. -- IKEv2: Not supported with Kerberos, PSK, or NTLM. -Windows versions prior to Windows Server 2012 only support the Default configuration. +- Default: KeyModule is set based on the authentication method. As of Windows 11, version 24H2 and Windows Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Windows Server 2008. +- AuthIP: Supported with phase 2 authentication. +- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only. +- IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only. + +The default value is Default. There are authentication and cryptographic methods that are only compatible with certain keying modules. This is a very advanced setting intended only for specific interoperability scenarios. Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules. Windows versions prior to Windows Server 2012 only support the Default configuration. ```yaml Type: KeyModule[] @@ -647,7 +644,7 @@ Accepted values: Default, IKEv1, AuthIP, IKEv2 Required: False Position: Named -Default value: None +Default value: Default Accept pipeline input: False Accept wildcard characters: False ``` From 907d69ca326d6567b4d0bf8a70c41c22d6529564 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 3 Mar 2025 14:15:48 -0800 Subject: [PATCH 11/14] add to 2025, edits --- .../netsecurity/Disable-NetIPsecRule.md | 5 +++-- .../netsecurity/Disable-NetIPsecRule.md | 20 +++++++++---------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/docset/winserver2022-ps/netsecurity/Disable-NetIPsecRule.md b/docset/winserver2022-ps/netsecurity/Disable-NetIPsecRule.md index 446b131d85..9dde8e2913 100644 --- a/docset/winserver2022-ps/netsecurity/Disable-NetIPsecRule.md +++ b/docset/winserver2022-ps/netsecurity/Disable-NetIPsecRule.md @@ -2,7 +2,7 @@ description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. external help file: NetIPsecRule.cmdletDefinition.cdxml-help.xml Module Name: NetSecurity -ms.date: 12/27/2016 +ms.date: 103/03/2025 online version: https://learn.microsoft.com/powershell/module/netsecurity/disable-netipsecrule?view=windowsserver2022-ps&wt.mc_id=ps-gethelp schema: 2.0.0 title: Disable-NetIPsecRule @@ -638,7 +638,8 @@ Accept wildcard characters: False Specifies that matching IPsec rules of the indicated key module are disabled. This parameter specifies which keying modules to negotiate. The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2. -- Default: KeyModule is set based on the authentication method. As of Win11 24H2 and Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Server 2008. + +- Default: KeyModule is set based on the authentication method. As of Windows 11, version 24H2 and Windows Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Windows Server 2008. - AuthIP: Supported with phase 2 authentication. - IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only. - IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only. diff --git a/docset/winserver2025-ps/netsecurity/Disable-NetIPsecRule.md b/docset/winserver2025-ps/netsecurity/Disable-NetIPsecRule.md index d1090bc30b..fa72acb091 100644 --- a/docset/winserver2025-ps/netsecurity/Disable-NetIPsecRule.md +++ b/docset/winserver2025-ps/netsecurity/Disable-NetIPsecRule.md @@ -2,7 +2,7 @@ description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. external help file: NetIPsecRule.cmdletDefinition.cdxml-help.xml Module Name: NetSecurity -ms.date: 12/27/2016 +ms.date: 03/03/2025 online version: https://learn.microsoft.com/powershell/module/netsecurity/disable-netipsecrule?view=windowsserver2025-ps&wt.mc_id=ps-gethelp schema: 2.0.0 title: Disable-NetIPsecRule @@ -638,15 +638,13 @@ Accept wildcard characters: False Specifies that matching IPsec rules of the indicated key module are disabled. This parameter specifies which keying modules to negotiate. The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2. -- Default: Equivalent to both IKEv1 and AuthIP. -Required in order for the rule to be applied to computers running Windows versions prior to nextref_server_7. ----- There are authorization and cryptographic methods that are only compatible with certain keying modules. -This is a very advanced setting intended only for specific interoperability scenarios. -Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules there. -- AuthIP: Supported with phase 2 authentication. -- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. -- IKEv2: Not supported with Kerberos, PSK, or NTLM. -Windows versions prior to Windows Server 2012 only support the Default configuration. + +- Default: KeyModule is set based on the authentication method. As of Windows 11, version 24H2 and Windows Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Windows Server 2008. +- AuthIP: Supported with phase 2 authentication. +- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only. +- IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only. + +The default value is Default. There are authentication and cryptographic methods that are only compatible with certain keying modules. This is a very advanced setting intended only for specific interoperability scenarios. Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules. Windows versions prior to Windows Server 2012 only support the Default configuration. ```yaml Type: KeyModule[] @@ -656,7 +654,7 @@ Accepted values: Default, IKEv1, AuthIP, IKEv2 Required: False Position: Named -Default value: None +Default value: Default Accept pipeline input: False Accept wildcard characters: False ``` From cd2cb6be554a1ae36ca20b0b0a033773f3bcf9ff Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 3 Mar 2025 14:16:34 -0800 Subject: [PATCH 12/14] Update docset/winserver2022-ps/netsecurity/Disable-NetIPsecRule.md --- docset/winserver2022-ps/netsecurity/Disable-NetIPsecRule.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docset/winserver2022-ps/netsecurity/Disable-NetIPsecRule.md b/docset/winserver2022-ps/netsecurity/Disable-NetIPsecRule.md index 9dde8e2913..788dcd2931 100644 --- a/docset/winserver2022-ps/netsecurity/Disable-NetIPsecRule.md +++ b/docset/winserver2022-ps/netsecurity/Disable-NetIPsecRule.md @@ -2,7 +2,7 @@ description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. external help file: NetIPsecRule.cmdletDefinition.cdxml-help.xml Module Name: NetSecurity -ms.date: 103/03/2025 +ms.date: 03/03/2025 online version: https://learn.microsoft.com/powershell/module/netsecurity/disable-netipsecrule?view=windowsserver2022-ps&wt.mc_id=ps-gethelp schema: 2.0.0 title: Disable-NetIPsecRule From 45a01be2761e101cbbac451bbd6ab848eebedcb2 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 3 Mar 2025 14:17:27 -0800 Subject: [PATCH 13/14] Update docset/winserver2025-ps/netsecurity/Enable-NetIPsecRule.md --- docset/winserver2025-ps/netsecurity/Enable-NetIPsecRule.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docset/winserver2025-ps/netsecurity/Enable-NetIPsecRule.md b/docset/winserver2025-ps/netsecurity/Enable-NetIPsecRule.md index e8bdde03bd..9213cd2421 100644 --- a/docset/winserver2025-ps/netsecurity/Enable-NetIPsecRule.md +++ b/docset/winserver2025-ps/netsecurity/Enable-NetIPsecRule.md @@ -2,7 +2,7 @@ description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. external help file: NetIPsecRule.cmdletDefinition.cdxml-help.xml Module Name: NetSecurity -ms.date: 103/03/2025 +ms.date: 03/03/2025 online version: https://learn.microsoft.com/powershell/module/netsecurity/enable-netipsecrule?view=windowsserver2025-ps&wt.mc_id=ps-gethelp schema: 2.0.0 title: Enable-NetIPsecRule From 948ddeddae9697f310002663b9e705825f4bc16f Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 3 Mar 2025 14:21:59 -0800 Subject: [PATCH 14/14] add to 2025, edits --- .../netsecurity/Copy-NetIPsecRule.md | 10 +++------- .../netsecurity/Copy-NetIPsecRule.md | 20 ++++++++----------- 2 files changed, 11 insertions(+), 19 deletions(-) diff --git a/docset/winserver2022-ps/netsecurity/Copy-NetIPsecRule.md b/docset/winserver2022-ps/netsecurity/Copy-NetIPsecRule.md index e3a9bcb717..3d315ed6ad 100644 --- a/docset/winserver2022-ps/netsecurity/Copy-NetIPsecRule.md +++ b/docset/winserver2022-ps/netsecurity/Copy-NetIPsecRule.md @@ -2,7 +2,7 @@ description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. external help file: NetIPsecRule.cmdletDefinition.cdxml-help.xml Module Name: NetSecurity -ms.date: 12/27/2016 +ms.date: 03/03/2025 online version: https://learn.microsoft.com/powershell/module/netsecurity/copy-netipsecrule?view=windowsserver2022-ps&wt.mc_id=ps-gethelp schema: 2.0.0 title: Copy-NetIPsecRule @@ -706,16 +706,12 @@ Specifies that matching IPsec rules of the indicated key module are copied. This parameter specifies which keying modules to negotiate. The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2. -- Default: KeyModule is set based on the authentication method. As of Win11 24H2 and Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Server 2008. +- Default: KeyModule is set based on the authentication method. As of Windows 11, version 24H2 and Windows Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Windows Server 2008. - AuthIP: Supported with phase 2 authentication. - IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only. - IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only. -The default value is Default. -There are authentication and cryptographic methods that are only compatible with certain keying modules. -This is a very advanced setting intended only for specific interoperability scenarios. -Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules. -Windows versions prior to Windows Server 2012 only support the Default configuration. +The default value is Default. There are authentication and cryptographic methods that are only compatible with certain keying modules. This is a very advanced setting intended only for specific interoperability scenarios. Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules. Windows versions prior to Windows Server 2012 only support the Default configuration. ```yaml Type: KeyModule[] diff --git a/docset/winserver2025-ps/netsecurity/Copy-NetIPsecRule.md b/docset/winserver2025-ps/netsecurity/Copy-NetIPsecRule.md index 8ec9b52e20..7e477dad46 100644 --- a/docset/winserver2025-ps/netsecurity/Copy-NetIPsecRule.md +++ b/docset/winserver2025-ps/netsecurity/Copy-NetIPsecRule.md @@ -2,7 +2,7 @@ description: Use this topic to help manage Windows and Windows Server technologies with Windows PowerShell. external help file: NetIPsecRule.cmdletDefinition.cdxml-help.xml Module Name: NetSecurity -ms.date: 12/27/2016 +ms.date: 03/03/2025 online version: https://learn.microsoft.com/powershell/module/netsecurity/copy-netipsecrule?view=windowsserver2025-ps&wt.mc_id=ps-gethelp schema: 2.0.0 title: Copy-NetIPsecRule @@ -706,16 +706,12 @@ Specifies that matching IPsec rules of the indicated key module are copied. This parameter specifies which keying modules to negotiate. The acceptable values for this parameter are: Default, AuthIP, IKEv1, or IKEv2. -- Default: Equivalent to both IKEv1 and AuthIP. -Required in order for the rule to be applied to computers running Windows versions prior to nextref_server_7. -- AuthIP: Supported with phase 2 authentication. -- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. -- IKEv2: Not supported with Kerberos, PSK, or NTLM. -The default value is Default. -There are authentication and cryptographic methods that are only compatible with certain keying modules. -This is a very advanced setting intended only for specific interoperability scenarios. -Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules. -Windows versions prior to Windows Server 2012 only support the Default configuration. +- Default: KeyModule is set based on the authentication method. As of Windows 11, version 24H2 and Windows Server 2025, the Default is equivalent to both IKEv1 and IKEv2, and only sets AuthIP if the authentication method(s) require it. In previous releases, Default is equivalent to both IKEv1 and AuthIP. Required in order for the rule to be applied to computers running Windows versions prior to Windows Server 2008. +- AuthIP: Supported with phase 2 authentication. +- IKEv1: Supported with pre-shared key (PSK), Certificates, and Kerberos. Supported with phase 1 authentication only. +- IKEv2: Not supported with Kerberos, PSK, or NTLM. Supported with phase 1 authentication only. + +The default value is Default. There are authentication and cryptographic methods that are only compatible with certain keying modules. This is a very advanced setting intended only for specific interoperability scenarios. Overriding this parameter value may result in traffic being sent in plain-text if the authorization and cryptographic settings are not supported by the keying modules. Windows versions prior to Windows Server 2012 only support the Default configuration. ```yaml Type: KeyModule[] @@ -725,7 +721,7 @@ Accepted values: Default, IKEv1, AuthIP, IKEv2 Required: False Position: Named -Default value: None +Default value: Default Accept pipeline input: False Accept wildcard characters: False ```