IPSec settings in Firewall

Microsoft help documentation (noted previously) provides fairly thorough understanding of the features to IPSec settings. The key aspects of the help docs that you should remember:

1. Key Exchange—To enable secure communication, two computers must be able to access the same shared key without transferring that key across the network. Clicking the Settings button allows you to configure security methods, key exchange algorithms, and key lifetimes.
2. Data Protection—IPSec data protection defines the algorithms used to provide data integrity and encryption. Data integrity ensures that data is not modified during transit. Windows Firewall with Advanced Security uses the Authentication Header (AH) or Encapsulating Security Payload (ESP) protocol to provide data protection. Data encryption protects data by concealing the information. Windows Firewall with Advanced Security uses the ESP protocol for data encryption.
3. Authentication Method—This setting lets you choose the default authentication method for IPSec connections on the local computer, unless a different method is applied by a specific rule or by Group Policy settings. The out-of-box authentication method is Kerberos v5. You can also restrict connections to domain-joined computers or users, or to computers that have a certificate from a specified Certificate Authority (CA).