Có lẽ quan trọng nhất của các tùy chọn này là khóa phiên Perfect Forward bạn chọn tùy chọn này bạn đảm bảo rằng các phím phiên keying vật liệu không tái sử dụng, | 266 Chapter 7 IP Security for Microsoft Windows 2000 Server Figure The Request Security Optional Properties Window Perhaps the most important of these options is the session key Perfect Forward you select this option you ensure that session keys or keying material are not reused and new Diffie-Hellman exchanges will take place after the session key lifetimes have expired. Click Cancel to return to the Edit Rule Properties dialog box. Click the Authentication Methods tab. Here you can select your preferred authentication method. Kerberos is the default authentication can include other methods in the list and each will be processed in descending can click Add to include additional authentication methods as shown in Figure . Figure The Authentication Method Configuration Tab IP Security for Microsoft Windows 2000 Server Chapter 7 267 Click the Tunnel Setting tab if the endpoint for the filter is a tunnel endpoint. Click the Connection Type tab to apply the rule to all network connections local area network LAN or remote access as shown in Figure . Figure The Connection Type Setting Window You cannot delete the built-in policies but you can edit them. However it is recommended that you leave the built-in policies as they are and create new policies for custom requirements. Flexible Negotiation Policies Security method negotiation is required to establish an IPSec can use the default security policies or you can create your own custom policies using a wizard-based approach. To add a new filter action that will be used to create a new security policy click Add after selecting the Filter Action tab. When the wizard has completed you can edit the security negotiation method. When you double-click the Request Security Optional filter action you will see the Request Security Optional Properties dialog box. If you select the Negotiate security option and then click Add you can add a new .