Share via


IKEEXT_POLICY0 (Compact 7)

3/12/2014

This structure is used to store the IKE main mode negotiation policy.

Syntax

typedef struct IKEEXT_POLICY0_ {
  UINT32 softExpirationTime;
  UINT32 numAuthenticationMethods;
  IKEEXT_AUTHENTICATION_METHOD0* authenticationMethods;
  IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE initiatorImpersonationType;
  UINT32 numIkeProposals;
  IKEEXT_PROPOSAL0* ikeProposals;
  UINT32 flags;
  UINT32 maxDynamicFilters;
} IKEEXT_POLICY0;

Members

  • softExpirationTime
    Unused parameter, always set this to 0.
  • numAuthenticationMethods
    Number of authentication methods.
  • numIkeProposals
    Number of main mode proposals.
  • ikeProposals
    Array of main mode proposals.

    See topic IKEEXT_PROPOSAL0 for more information.

  • flags
    A combination of the values listed in the Remarks section below.
  • maxDynamicFilters
    Maximum number of dynamic IPsec filters per remote IP address and per transport layer that is allowed to be added for any SA negotiated using this policy.

    Set this to 0 to disable dynamic filter addition. Dynamic filters are added by IKE on responder, when the QM traffic proposed by initiator is a subset of responder's traffic configuration.

Remarks

The flags data member could be a combination of the following values.

IKE/AuthIP policy flag Meaning

IKEEXT_POLICY_FLAG_DISABLE_DIAGNOSTICS

Disable special diagnostics mode for IKE. This will prevent IKE from accepting unauthenticated notifications from peer, or sending MS_STATUS notifications to peer.

IKEEXT_POLICY_FLAG_NO_MACHINE_LUID_VERIFY

Disable SA verification of machine LUID.

Requirements

Header

fwpmu.h

See Also

Reference

WFP IKE Structures

Other Resources

Windows Filtering Platform