Microsoft Windows [Version 6.1.7000] (C) Copyright 2009 Microsoft Corp. C:\Windows>netsh ipsec static add policy ?
Usage:
policy [ name = ][[ description = ]][[ mmpfs = ] (yes | no) ][[ qmpermm = ]][[ mmlifetime = ]][[ activatedefaultrule = ] (yes | no) ][[ pollinginterval = ]][[ assign = ] (yes | no) ][[ mmsecmethods = ] (sec#1 sec#2 ... sec#n) ]
Creates a policy with the specified name.
Parameters:
Tag Value
name -Name of the policy.
description -Brief information about the policy.
mmpfs -Option to set master perfect forward secrecy.
qmpermm -Number of quick mode sessions per main mode
session of IKE.
mmlifetime -Time in minutes to rekey for main mode of IKE.
activatedefaultrule -Activates or deactivates the default response rule. Valid only for versions of Windows prior to Windows Vista.
pollinginterval -Polling Interval, time in minutes for policy agent
to check for changes in policy store.
assign -Assigns the policy as active or inactive.
mmsecmethods -List of one or more space separated security
methods in the form of ConfAlg-HashAlg-GroupNum,
where ConfAlg can be DES or 3DES,
HashAlg is MD5 or SHA1.
GroupNum can be 1 (Low), 2 (Med), 3 (DH2048).
Remarks: 1. If mmpfs is specified, qmpermm is set to 1.
2. If the store is 'domain' then 'assign' will have no effect.
3. The use of DES and MD5 is not recommended. These cryptographic
algorithms are provided for backward compatibility only.
Examples: add policy Policy1 mmpfs= yes assign=yes
mmsec="3DES-SHA1-3 DES-MD5-3 3DES-MD5-2"