IPSEC_TUNNEL_POLICY0 (Compact 7)
3/12/2014
This structure stores the quick mode negotiation policy for tunnel mode IPSec.
Note
AuthIP is not supported in Windows Embedded Compact.
Syntax
typedef struct IPSEC_TUNNEL_POLICY0_ {
    UINT32 flags;
    UINT32 numIpsecProposals;
    IPSEC_PROPOSAL0* ipsecProposals;
    IPSEC_TUNNEL_ENDPOINTS0 tunnelEndpoints;
    IPSEC_SA_IDLE_TIMEOUT0 saIdleTimeout;
    IKEEXT_EM_POLICY0* emPolicy;
} IPSEC_TUNNEL_POLICY0;
Members
- flags
A combination of the values listed in the Remarks section.
- numIpsecProposals
Number of quick mode proposals in the policy.
- ipsecProposals
Array of quick mode proposals. See topic IPSEC_PROPOSAL0 for more information.
- tunnelEndpoints
Tunnel endpoints of the IPsec security association (SA) generated from this policy. See topic IPSEC_TUNNEL_ENDPOINTS0 for more information.
- saIdleTimeout
An IPSEC_SA_IDLE_TIMEOUT0 structure that specifies the SA idle timeout in IPsec policy.
- emPolicy
The AuthIP extended mode authentication policy. See topic IKEEXT_EM_POLICY0 for more information.
Remarks
The following table lists the possible values for the flags data member:
IPSec policy flag | Meaning |
---|---|
IPSEC_POLICY_FLAG_ND_SECURE | Do negotiation discovery in secure ring |
IPSEC_POLICY_FLAG_ND_BOUNDARY | Do negotiation discovery in the untrusted perimeter zone |
IPSEC_POLICY_FLAG_CLEAR_DF_ON_TUNNEL | Clear the "DontFragment" bit on the outer IP header of an IPsec tunneled packet |
IPSEC_POLICY_FLAG_DONT_NEGOTIATE_SECOND_LIFETIME | If set, IKE will not send the ISAKMP attribute for 'seconds' lifetime during quick mode negotiation |
IPSEC_POLICY_FLAG_DONT_NEGOTIATE_BYTE_LIFETIME | If set, IKE will not send the ISAKMP attribute for 'byte' lifetime during quick mode negotiation |
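The following is an added example, not code from this reference page or from the SDK: a pre-flight check that a caller could run on an IPSEC_TUNNEL_POLICY0 before using it. The stand-in type declarations, the numeric flag values, the TP_* finding codes and the function name check_tunnel_policy are assumptions of this example; a real build takes the types and flags from fwpmu.h.

```c
#include <stdint.h>
#include <stdio.h>
/* Stand-in declarations so this compiles without fwpmu.h (assumption: a real
   build includes the header instead). Flag VALUES below are placeholders. */
typedef uint32_t UINT32;
typedef struct { int unused; } IPSEC_PROPOSAL0, IPSEC_TUNNEL_ENDPOINTS0,
                               IPSEC_SA_IDLE_TIMEOUT0, IKEEXT_EM_POLICY0;
typedef struct IPSEC_TUNNEL_POLICY0_ {
    UINT32 flags;
    UINT32 numIpsecProposals;
    IPSEC_PROPOSAL0* ipsecProposals;
    IPSEC_TUNNEL_ENDPOINTS0 tunnelEndpoints;
    IPSEC_SA_IDLE_TIMEOUT0 saIdleTimeout;
    IKEEXT_EM_POLICY0* emPolicy;
} IPSEC_TUNNEL_POLICY0;
#define IPSEC_POLICY_FLAG_ND_SECURE                      0x02u
#define IPSEC_POLICY_FLAG_ND_BOUNDARY                    0x04u
#define IPSEC_POLICY_FLAG_CLEAR_DF_ON_TUNNEL             0x08u
#define IPSEC_POLICY_FLAG_DONT_NEGOTIATE_SECOND_LIFETIME 0x40u
#define IPSEC_POLICY_FLAG_DONT_NEGOTIATE_BYTE_LIFETIME   0x80u
#define NO_LIFETIME (IPSEC_POLICY_FLAG_DONT_NEGOTIATE_SECOND_LIFETIME | \
                     IPSEC_POLICY_FLAG_DONT_NEGOTIATE_BYTE_LIFETIME)
#define KNOWN_FLAGS (IPSEC_POLICY_FLAG_ND_SECURE | IPSEC_POLICY_FLAG_ND_BOUNDARY | \
                     IPSEC_POLICY_FLAG_CLEAR_DF_ON_TUNNEL | NO_LIFETIME)
/* Hypothetical finding bits returned by check_tunnel_policy(). */
enum { TP_OK = 0, TP_NULL_POLICY = 1, TP_UNKNOWN_FLAG = 2,
       TP_BAD_PROPOSALS = 4, TP_AUTHIP_EM_SET = 8, TP_NO_LIFETIME_SENT = 16 };

unsigned check_tunnel_policy(const IPSEC_TUNNEL_POLICY0* p)
{
    unsigned f = TP_OK;
    if (p == NULL) return TP_NULL_POLICY;
    /* flags must be a combination of the values in the Remarks table */
    if (p->flags & ~KNOWN_FLAGS) f |= TP_UNKNOWN_FLAG;
    /* the count must describe a real array; this example rejects an empty list */
    if (p->numIpsecProposals == 0 || p->ipsecProposals == NULL) f |= TP_BAD_PROPOSALS;
    /* emPolicy is the AuthIP policy, which Compact does not support */
    if (p->emPolicy != NULL) f |= TP_AUTHIP_EM_SET;
    /* both flags set: no lifetime attribute is sent in quick mode; review */
    if ((p->flags & NO_LIFETIME) == NO_LIFETIME) f |= TP_NO_LIFETIME_SENT;
    return f;
}

int main(void)
{
    IPSEC_PROPOSAL0 props[1] = {{0}};   /* constructed sample input */
    IPSEC_TUNNEL_POLICY0 pol = { IPSEC_POLICY_FLAG_CLEAR_DF_ON_TUNNEL, 1, props };
    printf("findings: 0x%x\n", check_tunnel_policy(&pol));
    return 0;
}
```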
Requirements
Header | fwpmu.h |