In Windows Firewall with Advanced Security, you configure an outbound firewall rule which requires the corresponding traffic to be authenticated and optionally encrypted. This is done by either enabling “Allow only secure connections” in the user interface or by using “NETSH ADVFIREWALL” at a Command Prompt with the arguments “security=authenticate” or “security=authenc”.

A corresponding Connection Security (IPsec) rule is configured.

Attempting communication with a host that meets the criteria for the rule you created will fail.

Authenticated Internet Protocol: A Microsoft proprietary extension of the IKE cryptographic protocol which adds a second authentication to the standard IKE authentication which increases security and deployability of IPsec VPNs.