IPSEC_TUNNEL_POLICY2 structure

The IPSEC_TUNNEL_POLICY2 structure stores the quick mode negotiation policy for tunnel mode IPsec.

Note: IPSEC_TUNNEL_POLICY2 is the specific implementation of IPSEC_TUNNEL_POLICY used in Windows 8. See WFP Version-Independent Names and Targeting Specific Versions of Windows for more information. For Windows 7, IPSEC_TUNNEL_POLICY1 is available. For Windows Vista, IPSEC_TUNNEL_POLICY0 is available.

Syntax


typedef struct IPSEC_TUNNEL_POLICY2_ {
  UINT32                  flags;
  UINT32                  numIpsecProposals;
  IPSEC_PROPOSAL0         *ipsecProposals;
  IPSEC_TUNNEL_ENDPOINTS2 tunnelEndpoints;
  IPSEC_SA_IDLE_TIMEOUT0  saIdleTimeout;
  IKEEXT_EM_POLICY2       *emPolicy;
  UINT32                  fwdPathSaLifetime;
} IPSEC_TUNNEL_POLICY2;

Members

flags

Type: UINT32

A combination of the following values.

| IPsec policy flag | Meaning |
| --- | --- |
| IPSEC_POLICY_FLAG_ND_SECURE | Do negotiation discovery in secure ring. |
| IPSEC_POLICY_FLAG_ND_BOUNDARY | Do negotiation discovery in the untrusted perimeter zone. |
| IPSEC_POLICY_FLAG_CLEAR_DF_ON_TUNNEL | Clear the "DontFragment" bit on the outer IP header of an IPsec tunneled packet. |
| IPSEC_POLICY_FLAG_DONT_NEGOTIATE_SECOND_LIFETIME | If set, Internet Key Exchange (IKE) will not send the ISAKMP attribute for 'seconds' lifetime during quick mode negotiation. |
| IPSEC_POLICY_FLAG_DONT_NEGOTIATE_BYTE_LIFETIME | If set, IKE will not send the ISAKMP attribute for 'byte' lifetime during quick mode negotiation. |
| IPSEC_POLICY_FLAG_ENABLE_V6_IN_V4_TUNNELING | Negotiate IPv6 inside IPv4 IPsec tunneling. Applicable only for tunnel mode policy, and supported only by IKEv2. |
| IPSEC_POLICY_FLAG_ENABLE_SERVER_ADDR_ASSIGNMENT | Enable calls to RAS VPN server for address assignment. Applicable only for tunnel mode policy, and supported only by IKEv2. |
| IPSEC_POLICY_FLAG_TUNNEL_ALLOW_OUTBOUND_CLEAR_CONNECTION | Allow outbound connections to bypass the tunnel policy. Applicable only for tunnel mode policy on a tunnel gateway. Do not set on a tunnel client. |
| IPSEC_POLICY_FLAG_TUNNEL_BYPASS_ALREADY_SECURE_CONNECTION | Allow ESP or UDP 500/4500 traffic to bypass the tunnel. Applicable only for tunnel mode policy. |
| IPSEC_POLICY_FLAG_TUNNEL_BYPASS_ICMPV6 | Allow ICMPv6 traffic to bypass the tunnel. Applicable only for tunnel mode policy. |
| IPSEC_POLICY_FLAG_KEY_MANAGER_ALLOW_DICTATE_KEY | Allow key dictation for quick mode policy. Applicable only for AuthIP policy. |
| IPSEC_POLICY_FLAG_KEY_MANAGER_ALLOW_NOTIFY_KEY | Allow key notification for quick mode policy. Applicable for AuthIP/IKE/IKEv2 policy. |

numIpsecProposals

Type: UINT32

Number of quick mode proposals in the policy.

ipsecProposals

Type: IPSEC_PROPOSAL0*

Array of quick mode proposals.

tunnelEndpoints

Type: IPSEC_TUNNEL_ENDPOINTS2

Tunnel endpoints of the IPsec security association (SA) generated from this policy.

saIdleTimeout

Type: IPSEC_SA_IDLE_TIMEOUT0

Specifies the SA idle timeout in IPsec policy.

emPolicy

Type: IKEEXT_EM_POLICY2*

The AuthIP extended mode authentication policy.

fwdPathSaLifetime

Type: UINT32

The forward path SA lifetime indicating the length of time for this connection.
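The applicability limits stated for the flags member (IKEv2-only, AuthIP-only, gateway-only) and the pairing of numIpsecProposals with ipsecProposals can be checked before a policy is installed. The following C code is an added example, not Microsoft's code or part of the WFP API: lint_tunnel_policy, keying_module, tunnel_role and the LINT_* names are hypothetical, and the flag bit values are assumptions that the real Ipsectypes.h definitions override when that header is included first.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Assumed values for builds without the Windows SDK; verify against Ipsectypes.h. */
#ifndef IPSEC_POLICY_FLAG_ENABLE_V6_IN_V4_TUNNELING
#define IPSEC_POLICY_FLAG_ENABLE_V6_IN_V4_TUNNELING               0x00000100
#define IPSEC_POLICY_FLAG_ENABLE_SERVER_ADDR_ASSIGNMENT           0x00000200
#define IPSEC_POLICY_FLAG_TUNNEL_ALLOW_OUTBOUND_CLEAR_CONNECTION  0x00000400
#define IPSEC_POLICY_FLAG_TUNNEL_BYPASS_ALREADY_SECURE_CONNECTION 0x00000800
#define IPSEC_POLICY_FLAG_TUNNEL_BYPASS_ICMPV6                    0x00001000
#define IPSEC_POLICY_FLAG_KEY_MANAGER_ALLOW_DICTATE_KEY           0x00002000
#endif
/* Hypothetical helper types: not part of the WFP API. */
typedef enum { KM_IKE, KM_AUTHIP, KM_IKEV2 } keying_module;
typedef enum { ROLE_TUNNEL_CLIENT, ROLE_TUNNEL_GATEWAY } tunnel_role;
enum { LINT_NEEDS_IKEV2 = 1, LINT_CLEAR_ON_CLIENT = 2, LINT_DICTATE_NOT_AUTHIP = 4,
       LINT_BYPASS_REVIEW = 8, LINT_NULL_PROPOSALS = 16 };

/* Pass policy->flags, policy->numIpsecProposals and policy->ipsecProposals. */
unsigned lint_tunnel_policy(uint32_t flags, uint32_t numIpsecProposals,
        const void *ipsecProposals, keying_module km, tunnel_role role) {
    unsigned findings = 0;
    /* Both flags are documented as supported only by IKEv2. */
    if ((flags & (IPSEC_POLICY_FLAG_ENABLE_V6_IN_V4_TUNNELING |
                  IPSEC_POLICY_FLAG_ENABLE_SERVER_ADDR_ASSIGNMENT)) && km != KM_IKEV2)
        findings |= LINT_NEEDS_IKEV2;
    /* Documented as: "Do not set on a tunnel client." */
    if ((flags & IPSEC_POLICY_FLAG_TUNNEL_ALLOW_OUTBOUND_CLEAR_CONNECTION) &&
        role == ROLE_TUNNEL_CLIENT)
        findings |= LINT_CLEAR_ON_CLIENT;
    /* Key dictation is documented as applicable only for AuthIP policy. */
    if ((flags & IPSEC_POLICY_FLAG_KEY_MANAGER_ALLOW_DICTATE_KEY) && km != KM_AUTHIP)
        findings |= LINT_DICTATE_NOT_AUTHIP;
    /* Any bypass flag lets some traffic leave outside the tunnel: review it. */
    if (flags & (IPSEC_POLICY_FLAG_TUNNEL_ALLOW_OUTBOUND_CLEAR_CONNECTION |
                 IPSEC_POLICY_FLAG_TUNNEL_BYPASS_ALREADY_SECURE_CONNECTION |
                 IPSEC_POLICY_FLAG_TUNNEL_BYPASS_ICMPV6))
        findings |= LINT_BYPASS_REVIEW;
    /* A non-zero proposal count must come with a proposal array. */
    if (numIpsecProposals > 0 && ipsecProposals == NULL)
        findings |= LINT_NULL_PROPOSALS;
    return findings;
}

int main(void) {
    /* Constructed input: a tunnel client policy that allows outbound clear traffic. */
    printf("findings=0x%x\n", lint_tunnel_policy(
        IPSEC_POLICY_FLAG_TUNNEL_ALLOW_OUTBOUND_CLEAR_CONNECTION, 1, "p",
        KM_IKEV2, ROLE_TUNNEL_CLIENT));
    return 0;
}
```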

Requirements

Minimum supported client

Windows 8 [desktop apps only]

Minimum supported server

Windows Server 2012 [desktop apps only]

Header

Ipsectypes.h

IDL

Ipsectypes.idl

See also

Windows Filtering Platform API Structures
IPSEC_PROPOSAL0
IPSEC_TUNNEL_ENDPOINTS2
IPSEC_SA_IDLE_TIMEOUT0
IKEEXT_EM_POLICY2

© 2014 Microsoft