IPSEC_TRANSPORT_POLICY0 (Compact 2013)
3/26/2014
This structure stores the quick mode negotiation policy for transport mode IPsec.
Note
AuthIP is not supported in Windows Embedded Compact.
Syntax
typedef struct IPSEC_TRANSPORT_POLICY0_ {
  UINT32 numIpsecProposals;
  IPSEC_PROPOSAL0* ipsecProposals;
  UINT32 flags;
  UINT32 ndAllowClearTimeoutSeconds;
  IPSEC_SA_IDLE_TIMEOUT0 saIdleTimeout;
  IKEEXT_EM_POLICY0* emPolicy;
} IPSEC_TRANSPORT_POLICY0;
Members
- numIpsecProposals
Number of quick mode proposals in the policy.
- ipsecProposals
Array of quick mode proposals. See topic IPSEC_PROPOSAL0 for more information.
- flags
A combination of the values listed in the Remarks section below.
- ndAllowClearTimeoutSeconds
Timeout in seconds, after which the IPsec security association (SA) should stop accepting packets coming in the clear. Used for negotiation discovery.
- saIdleTimeout
An IPSEC_SA_IDLE_TIMEOUT0 structure that specifies the SA idle timeout in IPsec policy.
- emPolicy
The AuthIP extended mode authentication policy. See topic IKEEXT_EM_POLICY0 for more information.
Remarks
The following is a list of the possible values for the flags data member:
| IPsec policy flag | Meaning |
|---|---|
| IPSEC_POLICY_FLAG_ND_SECURE | Do negotiation discovery in secure ring. |
| IPSEC_POLICY_FLAG_ND_BOUNDARY | Do negotiation discovery in the untrusted perimeter zone. |
| IPSEC_POLICY_FLAG_NAT_ENCAP_ALLOW_PEER_BEHIND_NAT | If set, IPsec expects that either the local or remote machine is behind a network address translation (NAT) device, but not both. This allows for less secure, but more flexible behavior. |
| IPSEC_POLICY_FLAG_NAT_ENCAP_ALLOW_GENERAL_NAT_TRAVERSAL | If set, IPsec expects default ports when either the local, the remote, or both machines are behind a NAT device. |
| IPSEC_POLICY_FLAG_DONT_NEGOTIATE_SECOND_LIFETIME | If set, Internet Key Exchange (IKE) will not send the ISAKMP attribute for 'seconds' lifetime during quick mode negotiation. |
| IPSEC_POLICY_FLAG_DONT_NEGOTIATE_BYTE_LIFETIME | If set, IKE will not send the ISAKMP attribute for 'byte' lifetime during quick mode negotiation. |
Requirements
Header: fwpmu.h