IKEEXT_POLICY0 (Compact 2013)
3/26/2014
This structure is used to store the IKE main mode negotiation policy.
Syntax
typedef struct IKEEXT_POLICY0_ {
UINT32 softExpirationTime;
UINT32 numAuthenticationMethods;
IKEEXT_AUTHENTICATION_METHOD0* authenticationMethods;
IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE initiatorImpersonationType;
UINT32 numIkeProposals;
IKEEXT_PROPOSAL0* ikeProposals;
UINT32 flags;
UINT32 maxDynamicFilters;
} IKEEXT_POLICY0;
Members
- softExpirationTime
Unused parameter, always set this to 0.
- numAuthenticationMethods
Number of authentication methods.
authenticationMethods
Array of acceptable authentication methods.See topic IKEEXT_AUTHENTICATION_METHOD0 for more information.
initiatorImpersonationType
Type of impersonation. Applies only to AuthIP.See topic IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE for more information.
- numIkeProposals
Number of main mode proposals.
ikeProposals
Array of main mode proposals.See topic IKEEXT_PROPOSAL0 for more information.
- flags
A combination of the values listed in the Remarks section below.
maxDynamicFilters
Maximum number of dynamic IPsec filters per remote IP address and per transport layer that is allowed to be added for any SA negotiated using this policy.Set this to 0 to disable dynamic filter addition. Dynamic filters are added by IKE on responder, when the QM traffic proposed by initiator is a subset of responder's traffic configuration.
Remarks
The flags data member could be a combination of the following values.
IKE/AuthIP policy flag |
Meaning |
|---|---|
IKEEXT_POLICY_FLAG_DISABLE_DIAGNOSTICS |
Disable special diagnostics mode for IKE. This will prevent IKE from accepting unauthenticated notifications from peer, or sending MS_STATUS notifications to peer. |
IKEEXT_POLICY_FLAG_NO_MACHINE_LUID_VERIFY |
Disable SA verification of machine LUID. |
Requirements
Header |
fwpmu.h |