124 C HAPTER 7: C ONFIGURING IP S ECURITYCreating a Security PolicyThe process you use to create and enable a security policywill depend on your network environment requirements.The following is an example of one approach to creating asecurity policy.Defining the ConsoleThis sequence establishes the Console and defines itsparameters.To define the Console:1 In the Windows taskbar, click Start, Programs,Accessories, and then Command Prompt.2 At the DOS prompt, type MMC and press Enter.The Console1 screen appears.3 In the menu click Console and then Add/RemoveSnap-in.The Add/Remove Snap-in screen appears.Custom varies This provides encryption and an extraauthentication that includes the IP header.Custom allows you to select options for both AHand ESP, such as MD%/SHA-1 and DES/3DES. Andyou can select the rate at which new keys arenegotiated.Microsoft uses IKE key exchange to renew keysevery x seconds or y bytes. However, this practiceis computationally very high in overhead. Someusers may set these values low and have frequentkey updates. Users more concerned withperformance will set these values higher.For more information, see the Microsoftdocumentation about creating IPSec flows.EncryptionTypeEncryptionLevel Description (continued)You must complete all of the sequences in this sectionto establish and enable a security policy fortransmitting and receiving encrypted data over thenetwork.