As with many other functions in Windows Server 2008 management, you can configure IPsec policy via the command line. This section briefly outlines some of the more commonly used IPsec commands. However, you may want to explore the command line options for IPsec on your own so you're familiar with these options. You can configure static mode and dynamic mode options, as shown in Table 8.4. You can type netsh ipsec /? to get a full list of command line options related to IPsec.
Table 8.4 IPsec Command Line Options
Details netsh ipsec static add policy name netsh ipsec static delete [option]
netsh ipsec dynamic set policy name netsh ipsec dynamic delete name netsh ipsec dynamic export policy name netsh ipsec dynamic show all netsh ipsec dynamic set config ipsecdiagnostics 7
netsh ipsec dynamic set config ipsecloginterval 60
Creates an IPsec policy with the specified name.
Deletes the specific IPsec policy. Can be used with the switch all to remove all IPsec policies, filter lists, and filter actions.
Sets a policy name immediately.
Removes a specific policy immediately.
Exports all IPsec policies to a specified file.
Used to view IPsec policy and statistics.
Enables IPsec driver logging of dropped inbound and outbound packets.
Used to change the default interval the IPsec log file writes entries to the log file. This example sets the interval to 60 seconds. This can be helpful in troubleshooting IPsec issues/.
Was this article helpful?