다음을 통해 공유


IPSec Application Development (Windows Embedded CE 6.0)

1/6/2010

Windows Embedded CE includes the IPSec v4 Catalog item. The Windows Embedded CE implementation of this protocol enables two devices on a network to establish peer-to-peer communication using the IP Security (IPSec) protocol. This protocol enables Windows Embedded CE-based devices to participate in networks that are secured by IPSec.

The following table shows components of the Windows Embedded CE IPSec implementation.

Component Library

IPSecPolicy Agent

ipsecsvc.dll

Internet Key Exchange (IKE)

ipsecsvc.dll

IPSec Driver

ipsec.dll

The Windows Embedded CE implementation of IPSec supports Encapsulating Security Payload (ESP) authentication and encryption using transport-mode connectivity. The Authentication Header (AH) protocol and tunnel-mode connectivity are not supported in Windows Embedded CE.

The following table shows the modes for IPSec communication that Windows Embedded CE supports.

Mode Description

Default responder mode

The CE device will respond to requests for securing traffic. If the peer wants to protect traffic, the CE device will respond to Internet Key Exchange (IKE) negotiations. If the negotiations succeed, incoming and outgoing traffic will be secured by IPSec. The Internet Control Message Protocol (ICMP) is exempt by default. As part of IKE negotiation, both peers must negotiate with each other.

Default initiator mode with optional fallback to clear.

The CE device will try to secure all outgoing traffic. If the device is unable to establish a secure channel, it will, by default fall back to allowing clear traffic. The CE device will allow clear incoming traffic by default.

See Also

Concepts

IKE Authentication

Other Resources

IPSec v4