IPv6 utilities

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

IPv6 utilities

The following IPv6 command-line utilities are available for making configuration changes.

Netsh commands for Interface IPv6

You can configure the IPv6 protocol with the interface IPv6 context of Netsh.exe, which is used for both configuring and displaying the configuration of interfaces, addresses, caches, and routes.

Netsh commands for Interface IPv6 is a set of commands, each with its own set of parameters. In addition, you can use commands that are available in the netsh interface IPv6 6to4 context to both configure or display the configuration of the IPv6 Helper service on either a 6to4 host or a 6to4 router.

For more information about using the IPv6 Helper service, see IPv6 traffic between nodes in different sites across the Internet (6to4).

For more information about Netsh, see Netsh overview.

For the complete Netsh interface IPv6 command reference, see Netsh commands for Interface IPv6.

Ipsec6.exe

You can use Ipsec6.exe to configure IPSec policies and security associations.

Ipsec6.exe has multiple commands, each with its own set of parameters.

  • ipsec6 sp [Interface]

    Displays the active security policies. Alternately, displays the active security policies for a specific interface.

  • ipsec6 sa

    Displays the active security associations.

  • ipsec6 lFileNameWithNoExtension

    Loads the security policies from FileName.spd, and the security associations from FileName.sad.

  • ipsec6 sFileNameWithNoExtension

    Saves the current security policies to FileName.spd, and the current security associations to FileName.sad. You can use this command to create files that are used to configure security policy and security associations. When there are no security policies or security associations, this command creates FileName.spd for security policies and FileName.sad for security associations. You can use these files as templates to configure the desired security policies or security associations by modifying them with a text editor.

  • ipsec6 d [{sp | sa}] [Index]

    Deletes the security policies (using the sp parameter) or security associations (using the sa parameter) from the list of active security policies and security associations, as specified by index number. You can use ipsec6 sp or ipsec6 sa to display the index number.

  • ipsec6 m [{on | off}]

    Specifies whether binding updates that are used for mobile IPv6 are protected by IP security. This is enabled by default.

Caution

  • This implementation of IPSec for IPv6 is not recommended for use in a production environment because it relies on static keying and has no provisions for updating keys upon sequence number reuse.

  • When you manually configure Security Policies Identifiers (SPIs), always use random numbers. Do not use sequential numbers for SPIs, or you will compromise the security of your IPSec for IPv6 policies.

  • The IPv6 protocol for the Windows Server 2003 family does not support the use of IPSec Encapsulating Security Payload (ESP) encryption. However, the use of ESP with NULL encryption is supported. Although NULL encryption uses the ESP header, only data origin authentication and data integrity services are provided.