1 Create and edit Internet Protocol Security policies
2 IP Security Policy Management
3 Size (from IDS_SIZE)
4 Type (from IDS_TYPE)
5 Local Computer
6 Internet Protocol Security (IPsec) Administration. Manage IPsec policies for secure communication with other computers.\n\n\nPortions of IPsec and related services were jointly developed by Microsoft Corporation and Cisco Systems, Inc.
8 Microsoft Corporation
9 Security Policies
10 Filter Actions
11 Available security policies
12 Available filter actions
13 Filter action links, each containing associations to IP filter lists
14 Associated Filters
15 IP Filters
16 Available IP Filters
17 ICMP
18 TCP
19 UDP
20 RAW
21 DES
22 MD5
23 SHA1
24 Are you sure?
25 Any
26 Invalid
27 New IP Filter List
28 New IP Security Policy
29 New Filter Action
30 You must enter a port number that is in the range of 0 through 65535.
31 A valid IP filter list must be selected.
32 A valid filter action must be selected.
33 ESP Integrity
34 None
35 The following error occurred when removing IP Security data.\n\n%1
36 The IPsec policy data could not be saved because you do not have administrative permissions (you must be a member of the Administrators group). As a result, data might have been lost. (Error = %1!lx!)
37 <None>
38 40 bit DES
39 3DES
40 Low (1)
41 Medium (2)
42 High (2048)
43 IKE
44 The tunnel endpoint name resolved to multiple IP addresses. The first address returned will be used.
45 The tunnel endpoint name could not be resolved. No IP address information could be cached.
46 Unable to verify integrity (Error = %lx)
47 Integrity verified
48 You must enter a value that is in the range of 300 seconds (5 minutes) through 172,800 seconds (48 hours).
49 You must enter a value that is in the range of 20,480 kilobytes (20 MB) through 2,147,483,647 kilobytes (2,097,152 MB).
50 Default response (earlier versions of Windows only)
51 L2TP Base
52 L2TP Extended
53 Yes
54 No
55 All
56 LAN
57 Remote access
58 A data error has occurred. The interface type is unknown.
59 This rule no longer has a valid IP filter selected.
60 , with policy storage
61 The IPsec policy storage container could not be opened. No domain controller can be found for the domain.
62 The IPsec policy storage container could not be opened. Communication with Active Directory could not be established.
63 The IPsec policy storage container could not be created. You might not have administrative permissions (you must be a member of the Administrators group). For the IPsec policy storage container to be created, you must have administrative permissions.
64 The IPsec policy storage container could not be opened. You might not have administrative permissions (you must be a member of the Administrators group). For the IPsec policy storage container to be opened, you must have administrative permissions.
65 The IPsec policy storage container could not be opened. The following error occurred:\n\n%1.
66 Type
67 ESP Confidentiality
69 Name
70 Description
71 Encryption and Integrity
72 Integrity only
73 Custom
74 &Create IP Security Policy...
75 Creates an IP Security policy.
78 &Import Policies...
79 Imports IP Security policy information from a file.
80 &Export Policies...
81 Exports information for all IP Security policies to a file.
82 New Security Method
83 Edit Security Method
85 Refreshes IPsec policy information from the policy storage location.
86 Invalid
87 &Un-assign
88 Un-assigns this policy (attempts to make it inactive).
89 &Assign
90 Assigns this policy (attempts to make it active).
91 IP Filter List
92 Filter Action
93 Authentication Methods
94 Tunnel Endpoint
95 Connection Type
96 A data error has occurred. No IP filter has been associated with this rule.
97 A data error has occurred. Multiple IP filters are associated with this rule.
98 AH Integrity
99 Compression
100 Encryption
101 Integrity
102 The selected IP filter list is currently being used by this rule. Select a different IP filter list before attempting to remove it.
103 The selected filter action is currently being used by this rule. Select a different filter action before attempting to remove it.
104 A data error has occurred.
105 <Dynamic>
106 <None>
107 Policy Assigned
109 New Rule
110 Edit Rule
111 Select a certification authority (CA) you want to use when verifying IPsec certificates
112 There was an error in displaying the trusted root certification authorities.
113 Export
115 Manage IP Filter Lists
116 IP Security Policies on %1
117 Active Directory
118 Feature not implemented.
120 A data error has occurred. No filter action is associated with this rule.
121 <Integral>
122 <Dynamic>
123 <Data Error: Unknown type>
124 Kerberos
125 Certificate
126 Preshared Key
127 Dynamic
128 &Restore Default Policies
129 Restores the default IP Security policies to their initial settings.
131 The default IP Security policies were successfully restored to their initial settings.
132 You must select AH, ESP, or both.
133 Diffie-Hellman Group
134 This filter action requires at least one security method.
135 No ESP encryption or integrity algorithm was selected. The ESP selection has been removed.
136 An IPsec policy has been provided by the domain controller.\nDomain provided policy overrides policy assigned on the local (or remote) computer.
137 Allowing unsecured communication may expose your network to security risks by allowing IP traffic to be sent with no authentication or encryption.\n\nOn a computer with Windows Vista or a later version of Windows, this option allows unsecured communication to be sent anytime a secure connection cannot be established. On a Windows 2000, Windows XP, or Windows 2003 computer, this option allows unsecured communications to be sent only when the remote computer does not support IPsec.\n\nAre you sure you want to allow unsecured communication when secure communication cannot be established?
138 Enable unsecured communication?
139 You must enter a number that is greater than zero in the host portion of this IP address.
140 You must enter a number that is greater than zero in the network portion of this IP address.
142 The IPsec policy is assigned, but the IPsec service is not running. You must start the 'IPsec Services' service to activate the assigned policy.
143 Policy is assigned, but it is being overridden by Active Directory-assigned policy.
144 Create IPsec Security policy
146 Add IPsec Security Rule
148 Enter the name and description of the new IP Security policy
149 There was an error retrieving the distinguished name string from the certificate.
150 Select the certification authority that you require for IPsec authentication when using this security rule.
152 The default ""Anybody"" IP filter could not be found, probably because it was explicitly removed. You can either continue without this filter, or a new one can be generated for you.\n\nIf you choose to restore the default filter the IPsec Responder, Lockdown, and Secure Initiator policies will also be restored to their initial settings.\n\nDo you want to restore the default policies?
153 A filter must be selected for this IPsec policy. The default Any rule was removed, so you must select another rule.
154 Add a filter action
159 &Manage IP filter lists and filter actions...
160 Manages IP filter lists and filter actions.
161 Manage IP filter lists and filter actions
162 <This value appears to be invalid>
163 Hos&t name:
164 &IP Address or Subnet:
165 &Host name:
167 Cached IP Address:
168 <None>
169 Any
170 Other
171 My IP Address
172 Any IP Address
173 A specific DNS Name
174 A specific IP Address or Subnet
175 A specific IP Subnet
176 Select which computer or domain this snap-in will manage
177 The source address has been adjusted by the specified subnet mask.
178 The destination address has been adjusted by the specified subnet mask.
179 A source DNS name must be entered.
180 A destination DNS name must be entered.
183 The source DNS name resolved to multiple IP addresses. The first one is being cached.
184 The destination DNS name resolved to multiple IP addresses. The first one is being cached.
185 The source DNS name could not be resolved. No IP address information is being cached.
186 The destination DNS name could not be resolved. No IP address information is being cached.
187 IP security cannot be triggered by port 500 traffic. Port 500 is used by Internet Key Exchange (IKE) traffic.
188 IP Filter
189 Mirrored
190 Destination DNS Name
191 Destination Address
193 Protocol
194 Source Port
195 Destination Port
196 Source DNS Name
197 Source Address
199 Description
200 When this console is saved the location will also be saved
201 A filter action requires at least one security method for negotiation. This filter action has none. Select a different one, or add a security method.
202 The currently selected filter action has been deactivated because at least one security method is required.
203 This IP filter list is empty. It will not match IP packets. Do you want to save this filter list without any filters?
205 You must enter a protocol number that is in the range of 0 through 255.
206 You cannot use a multicast address for a subnet or for both the source address and the destination address.
207 An IP filter list requires at least one filter to be activated. This IP filter list has no filters.
208 Set the name and description.
209 This is an invalid mask for the specified IP address.
210 The source and destination address can not be the same.
211 &Close
212 The settings you have selected correspond to a %1 security level. Your security method's type will be changed to reflect this state.
213 DNS names are only used to build IP address filters. To ensure security, do not add, delete, or change source or destination IP addresses without updating this filter list and verifying that all IP addresses for a computer are included.\n\nDo you want to create a filter for each of the listed addresses?\n\n
214 Security Warning
215 This security method duplicates an existing one. Either modify it, or cancel this dialog box.
216 IP Add&ress or Subnet:
220 EGP
221 HMP
222 XNS-IDP
223 RDP
224 RVD
225 (%1)'s generated filter action
226 Specify how this policy responds to requests for secure communication.
227 To add multiple authentication methods, edit the default response rule after completing the wizard.
228 The security rule must be applied to a network type.
229 To add multiple authentication methods, edit the security rule after completing the wizard.
230 Select the IP filter list for the type of IP traffic to which this security rule applies.
231 Select the filter action for this security rule.
232 Specify whether this rule indicates that the computer should act as a tunnel server or as a tunnel client.
233 The tunnel endpoint is the tunneling computer closest to the IP traffic destination, as specified by the security rule's IP filter list.
234 Set the filter action behavior.
235 Communicating with computers that do not support IPsec may expose your network to security risks.
236 Specify a security method for IP traffic. To add multiple security methods, edit the filter action after completing the wizard.
237 Add an IP filter.
238 Specify the source address of the IP traffic.
239 Specify the destination address of the IP traffic.
240 Select the IP protocol type. If this type is TCP or UDP, you will also specify the source and destination ports.
241 Many TCP/IP application protocols are established with well-known TCP or UDP ports.
242 You must enter a number that is greater than zero in the first octet of this IP address or subnet.
243 You must enter a number that is less than 240 in the first octet of this IP address or subnet.
244 A multicast address is not valid for a tunnel address.
245 The loopback address (127.0.0.1) is not valid for a tunnel address.
246 IP Filter List Warning
247 The description for the destination IP subnet is being changed to "%1" because the subnet mask does not specify a subnet.
248 The description for the source IP subnet is being changed to "%1" because the subnet mask does not specify a subnet.
249 You must enter a remote computer name.
250 Kerberos is valid only when this rule is enabled on a computer which is a member of a domain. This computer is not a member of a domain. Do you want to continue and save these rule properties?
253 Key Lifetimes (KB/sec)
254 %1!i! / %2!i!
255 Edit Authentication Method
256 New Authentication Method
257 There was a problem refreshing policies. Continue refreshing? (Error = %1!lx!)
258 &Finish
259 You must enter a domain name.
260 An error occurred attempting to assign a restored default policy. You must specify the assigned policy manually.
261 An error occurred during the attempt to refresh the IPsec policy. The policy might have been deleted or the connection to the IPsec policy storage location might have been lost. (Error = %1!lx!)
262 Name this IP Security policy and provide a brief description
263 IP Security Policy Name
264 Requests for Secure Communication
265 Default Response Rule Authentication Method
266 Tunnel Endpoint
267 Network Type
268 Authentication Method
269 IP Filter List
270 Filter Action
271 Filter Action Name
272 Name this filter action and provide a brief description.
273 Filter Action General Options
274 Communicating with computers that do not support IPsec
275 IP Traffic Security
276 IP Traffic Source
277 IP Traffic Destination
278 IP Protocol Type
279 IP Protocol Port
280 The version of the IPsec policy in the IPsec policy storage location is an earlier version (%d.%d) than that expected (%d.%d). As a result, this component might not function correctly. Default settings will be used for any IPsec policy data that is not found in the policy storage location. You should upgrade the policy version.
281 The version of the IPsec policy in the IPsec policy storage location is a later version (%d.%d) than expected (%d.%d). As a result, this component might not function correctly, and some of the policy data in the policy store will be ignored. You should upgrade this component.
282 The version of the IPsec policy in the IPsec policy storage location is not supported. The IPsec policy in the policy storage is version (%d.x). This component only supports version (%d.x). You must upgrade this component for the stored IPsec policy to function correctly.
283 No policy storage was found for the specified provider.\n
284 No IPsec policy version information was found. As a result, IPsec policies cannot be retrieved.
285 The version of the IPsec policy in the IPsec policy storage location is not supported. The IPsec policy in the policy storage is version (%d.x). This component only supports version (%d.x). You must upgrade this component for the stored IPsec policy to function correctly.
286 Active Directory does not contain a shared certificate store. When configuring Active Directory-based IPsec policy to use certificate authentication, you must ensure that each domain member has an appropriate certificate installed.\n\nDo you want to select a certification authority from the certificate store on the local computer?\n
287 You must type a name.
289 The network connection to the IPsec policy storage location was lost. Close all open dialog boxes.\n\nDo you want to attempt to reconnect to the IPsec policy storage location now?\n
290 Certification authority
291 Method
292 Details
293 You must browse for a certification authority
294 You must specify a preshared key
295 You must specify an authentication method.
296 The IP filter lists cannot be removed because one or more of them are in use.
297 The selected IP filter actions cannot be removed because one or more of them are in use.
298 Key exchange requires at least one security method.
299 IP Filter Description and Mirrored property
300 Use the Description field to specify a name or a detailed explanation of the IP filter.\nSelect the Mirrored check box to specify a filter in each direction.
301 Last Modified Time
601 %1 (%2)
602 Soft security associations are not allowed for IPsec tunnel policy.
603 DNS Servers <dynamic>
604 WINS Servers <dynamic>
605 DHCP Server <dynamic>
606 Default Gateway <dynamic>
607 Internet Proxy Server <dynamic>
608 HTTP Proxy
609 You can only select a dynamic address for the source or for the destination, not for both.
610 GPO Name
611 Precedence
612 OU
613 &View...
614 ,
615 The loopback address (127.0.0.1) is not a valid source or destination address.
616 Destination IP version does not match the source IP version.
2000 Yes
2001 No
2002 ESP with encryption and no authentication is no longer supported. Use integrity (MD5 or SHA1) with the ESP format.
3000 The DNS name '%1' could not be resolved. You must enter a valid DNS name.
3001 The following source IP addresses were found for DNS name '%1': %2.
3002 The following destination IP addresses were found for DNS name '%1': %2.
3004 ,
3005 Out of memory.
3006 You must enter a name for the IPsec policy.
3007 You must enter a number that is in the range of %1 through %2.
3008 The number of minutes is invalid. You must enter a number that is in the range of %1 through %2.
3009 This key exchange security method duplicates an existing one. Either modify it, or cancel this dialog box.
3010 The IP filter lists could not be removed, due to the following error: %1.
3011 The IP filter actions could not be removed, due to the following error: %1.
3012 You cannot add more security methods. The maximum number of security methods have already been added.
3013 You cannot add more key exchange security methods. The maximum of %d key exchange security methods have already been added to the list.
3014 There is already a preshared key in the list of authentication methods. A rule cannot have multiple preshared keys as the authentication methods.
3015 This authentication method duplicates an existing one.
3016 Conversion of unicode to multibyte string failed.
4005 IPsec Policy Files
4006 All Files
4007 Verdana Bold
4008 12
4009 Certificate to account mapping is not allowed on computers that are not members of a domain. \nIPsec negotiations that use certificate mapping will fail.\n This option is being disabled for this method. Other methods that use this option should be edited to ensure correct IP Security behavior for this policy.\n When closing this dialog box, click OK to ensure that this option is properly disabled for this method.
5001 The following error occurred when saving IP Security data: \n\n%1
5002 The following error occurred when loading IP Security data:\n\n%1
5003 The operation failed due to the following error.\n\n%1
5004 The following error occurred when loading IP Security rule data. Some of the IP Security rules may be corrupted.\n\n%1
5005 <None>
5006 IP address or subnet specification is not valid.
5007 Invalid address
5008 Enter a valid IPv4 address, IPv6 address, or a subnet specification.
6011 Invalid character
6012 Enter a valid IPv4 or IPv6 address or subnet.
6013 Invalid address
6014 %d filters were skipped in this filter list because they use features that are not compatible with this interface.
6015 Some filters were skipped
6016 MD5 and DES are considered to be insecure algorithms and their use is not recommended. Are you sure that you want to use them?
6017 Importing policies may take several minutes or longer. Canceling this process or closing this program before import finishes could result in policy corruption. Do you want to continue?
6018 The default response rule is not valid on Windows Vista. It is valid only on earlier versions of Windows.\n\nDo you want to activate it?
