IPSec Application Development (Windows Embedded CE 6.0)
1/6/2010
Windows Embedded CE includes the IPSec v4 Catalog item. The Windows Embedded CE implementation of this protocol enables two devices on a network to establish peer-to-peer communication using the IP Security (IPSec) protocol. This protocol enables Windows Embedded CE-based devices to participate in networks that are secured by IPSec.
The following table shows components of the Windows Embedded CE IPSec implementation.
Component | Library |
---|---|
IPSec Policy Agent | ipsecsvc.dll |
Internet Key Exchange (IKE) | ipsecsvc.dll |
IPSec Driver | ipsec.dll |
The Windows Embedded CE implementation of IPSec supports Encapsulating Security Payload (ESP) authentication and encryption using transport-mode connectivity. The Authentication Header (AH) protocol and tunnel-mode connectivity are not supported in Windows Embedded CE.
The following table shows the modes for IPSec communication that Windows Embedded CE supports.
Mode | Description |
---|---|
Default responder mode | The CE device will respond to requests for securing traffic. If the peer wants to protect traffic, the CE device will respond to Internet Key Exchange (IKE) negotiations. If the negotiations succeed, incoming and outgoing traffic will be secured by IPSec. The Internet Control Message Protocol (ICMP) is exempt by default. As part of IKE negotiation, both peers must negotiate with each other. |
Default initiator mode with optional fallback to clear | The CE device will try to secure all outgoing traffic. If the device is unable to establish a secure channel, it will, by default, fall back to allowing clear traffic. The CE device will allow clear incoming traffic by default. |