IPSec Configuration Information

By default, MSRIPv6 has a single security policy which allows all IPv6 communication to bypass IPSec authentication without being verified. In other words, if you do nothing to modify the default configuration, this implementation will allow all IPv6 traffic to pass unchecked.

To use IPSec to authenticate communication, you need to manually create entries describing such traffic in our Security Policy (SP) and Security Association (SA) databases. We provide utilities to help you do that. You might also wish to read up on our SP and SA Databases before diving in.

Some of the documents referenced by this page are present in both HTML and a Microsoft Office native format (such as Word or PowerPoint). The latter versions are often easier to read than their HTML counterparts. If you don't have Office on your machine and would still like to read these, Microsoft makes available free viewers for files in these formats.

One final note: our IPSec implementation is undergoing very active development and it is likely that one or more of the utilities and file formats involved in specifying policies, associations, keys, etc. will be changed in the not too distant future.