IKEEXT_POLICY0 structure (iketypes.h)

The IKEEXT_POLICY0 structure is used to store the IKE/AuthIP main mode negotiation policy. IKEEXT_POLICY1 is available. For Windows 8, IKEEXT_POLICY2 is available.

 

Syntax

typedef struct IKEEXT_POLICY0_ {
  UINT32                                   softExpirationTime;
  UINT32                                   numAuthenticationMethods;
  IKEEXT_AUTHENTICATION_METHOD0            *authenticationMethods;
  IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE initiatorImpersonationType;
  UINT32                                   numIkeProposals;
  IKEEXT_PROPOSAL0                         *ikeProposals;
  UINT32                                   flags;
  UINT32                                   maxDynamicFilters;
} IKEEXT_POLICY0;

Members

softExpirationTime

Unused parameter; always set this to 0.

numAuthenticationMethods

Number of authentication methods.

authenticationMethods

Array of acceptable authentication methods.

See IKEEXT_AUTHENTICATION_METHOD0 for more information.

initiatorImpersonationType

Type of impersonation. Applies only to AuthIP.

See IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE for more information.

numIkeProposals

Number of main mode proposals.

ikeProposals

Array of main mode proposals.

See IKEEXT_PROPOSAL0 for more information.

flags

A combination of the following values.

| IKE/AuthIP policy flag | Meaning |
| --- | --- |
| IKEEXT_POLICY_FLAG_DISABLE_DIAGNOSTICS | Disable special diagnostics mode for IKE/AuthIP. This will prevent IKE/AuthIP from accepting unauthenticated notifications from the peer, or sending MS_STATUS notifications to the peer. |
| IKEEXT_POLICY_FLAG_NO_MACHINE_LUID_VERIFY | Disable SA verification of machine LUID. |
| IKEEXT_POLICY_FLAG_NO_IMPERSONATION_LUID_VERIFY | Disable SA verification of machine impersonation LUID. Applicable only to AuthIP. |
| IKEEXT_POLICY_FLAG_ENABLE_OPTIONAL_DH | Allow the responder to accept any DH proposal, including no DH, regardless of what is configured in policy. Applicable only to AuthIP. |

maxDynamicFilters

Maximum number of dynamic IPsec filters per remote IP address and per transport layer that is allowed to be added for any SA negotiated using this policy.

Set this to 0 to disable dynamic filter addition. Dynamic filters are added by IKE/AuthIP on the responder when the quick mode (QM) traffic proposed by the initiator is a subset of the responder's traffic configuration.
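The following added example (not part of the original documentation) shows a defensive review of the members described above: it reports settings that relax the checks the flags control. policy_view, audit_ike_policy and the F_* finding bits are hypothetical names, the sample policy is constructed, and the numeric flag values are assumed to match iketypes.h.

```c
#include <stdint.h>
#include <stdio.h>
/* Stand-ins for a build without the Windows SDK; values assumed to match iketypes.h. */
#ifndef IKEEXT_POLICY_FLAG_DISABLE_DIAGNOSTICS
#define IKEEXT_POLICY_FLAG_DISABLE_DIAGNOSTICS          0x00000001
#define IKEEXT_POLICY_FLAG_NO_MACHINE_LUID_VERIFY       0x00000002
#define IKEEXT_POLICY_FLAG_NO_IMPERSONATION_LUID_VERIFY 0x00000004
#define IKEEXT_POLICY_FLAG_ENABLE_OPTIONAL_DH           0x00000008
#endif
typedef struct {                        /* hypothetical mirror of IKEEXT_POLICY0 */
    uint32_t    softExpirationTime;
    uint32_t    numAuthenticationMethods;
    const void *authenticationMethods;  /* IKEEXT_AUTHENTICATION_METHOD0 array */
    int         initiatorImpersonationType;
    uint32_t    numIkeProposals;
    const void *ikeProposals;           /* IKEEXT_PROPOSAL0 array */
    uint32_t    flags;
    uint32_t    maxDynamicFilters;
} policy_view;
enum {                                  /* hypothetical finding bits */
    F_SOFT_EXPIRY_NONZERO  = 1 << 0,    /* documented as unused, must be 0 */
    F_AUTH_METHODS_MISSING = 1 << 1,    /* zero count or NULL array */
    F_PROPOSALS_MISSING    = 1 << 2,    /* zero count or NULL array */
    F_DIAGNOSTICS_ENABLED  = 1 << 3,    /* DISABLE_DIAGNOSTICS flag not set */
    F_LUID_VERIFY_OFF      = 1 << 4,    /* machine or impersonation LUID check off */
    F_OPTIONAL_DH          = 1 << 5,    /* responder may accept "no DH" */
    F_DYNAMIC_FILTERS_ON   = 1 << 6     /* informational: responder adds filters */
};

/* Returns a bitmask of findings; 0 means none of the checks fired. */
unsigned audit_ike_policy(const policy_view *p)
{
    unsigned f = 0;
    if (p->softExpirationTime != 0) f |= F_SOFT_EXPIRY_NONZERO;
    if (!p->numAuthenticationMethods || !p->authenticationMethods) f |= F_AUTH_METHODS_MISSING;
    if (!p->numIkeProposals || !p->ikeProposals) f |= F_PROPOSALS_MISSING;
    if (!(p->flags & IKEEXT_POLICY_FLAG_DISABLE_DIAGNOSTICS)) f |= F_DIAGNOSTICS_ENABLED;
    if (p->flags & (IKEEXT_POLICY_FLAG_NO_MACHINE_LUID_VERIFY |
                    IKEEXT_POLICY_FLAG_NO_IMPERSONATION_LUID_VERIFY)) f |= F_LUID_VERIFY_OFF;
    if (p->flags & IKEEXT_POLICY_FLAG_ENABLE_OPTIONAL_DH) f |= F_OPTIONAL_DH;
    if (p->maxDynamicFilters != 0) f |= F_DYNAMIC_FILTERS_ON;
    return f;
}

int main(void)
{   /* constructed sample: one method, one proposal, optional DH enabled */
    policy_view p = { 0, 1, "m", 0, 1, "p", IKEEXT_POLICY_FLAG_ENABLE_OPTIONAL_DH, 0 };
    printf("findings: 0x%02x\n", audit_ike_policy(&p));
    return 0;
}
```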

Requirements

| Requirement | Value |
| --- | --- |
| Minimum supported client | Windows Vista [desktop apps only] |
| Minimum supported server | Windows Server 2008 [desktop apps only] |
| Header | iketypes.h |

See also

Windows Filtering Platform API Structures