Share via


IPSEC_TRANSPORT_POLICY0 (Compact 7)

3/12/2014

This structure stores the quick mode negotiation policy for transport mode IPsec.

Note

AuthIP is not supported in Windows Embedded Compact .

Syntax

typedef struct IPSEC_TRANSPORT_POLICY0_ {
  UINT32 numIpsecProposals;
  IPSEC_PROPOSAL0* ipsecProposals;
  UINT32 flags;
  UINT32 ndAllowClearTimeoutSeconds;
  IPSEC_SA_IDLE_TIMEOUT0 saIdleTimeout;
  IKEEXT_EM_POLICY0* emPolicy;
} IPSEC_TRANSPORT_POLICY0;

Members

  • numIpsecProposals
    Number of quick mode proposals in the policy
  • ipsecProposals
    Array of quick mode proposals.

    See topic IPSEC_PROPOSAL0 for more information.

  • flags
    A combination of the values listed in the Remarks section below
  • ndAllowClearTimeoutSeconds
    Timeout in seconds, after which the IPsec security association (SA) should stop accepting packets coming in the clear. Used for negotiation discovery.
  • emPolicy
    The AuthIP extended mode authentication policy.

    See topic IKEEXT_EM_POLICY0 for more information.

Remarks

The following is a list of the possible values for the flags data member:

IPSec policy flag Meaning

IPSEC_POLICY_FLAG_ND_SECURE

Do negotiation discovery in secure ring.

IPSEC_POLICY_FLAG_ND_BOUNDARY

Do negotiation discovery in the untrusted perimeter zone.

IPSEC_POLICY_FLAG_NAT_ENCAP_ALLOW_PEER_BEHIND_NAT

If set, IPsec expects that either the local or remote machine is behind a network address translation (NAT) device, but not both. This allows for less secure, but more flexible behavior.

IPSEC_POLICY_FLAG_NAT_ENCAP_ALLOW_GENERAL_NAT_TRAVERSAL

If set, IPsec expects default ports when either the local, the remote, or both machines are behind a NAT device.

IPSEC_POLICY_FLAG_DONT_NEGOTIATE_SECOND_LIFETIME

If set, Internet Key Exchange (IKE) will not send the ISAKMP attribute for 'seconds' lifetime during quick mode negotiation.

IPSEC_POLICY_FLAG_DONT_NEGOTIATE_BYTE_LIFETIME

If set, IKE will not send the ISAKMP attribute for 'byte' lifetime during quick mode negotiation.

Requirements

Header

fwpmu.h

See Also

Reference

WFP IPsec Structures

Other Resources

Windows Filtering Platform