IKEEXT_POLICY0 structure

The IKEEXT_POLICY0 structure is used to store the IKE/AuthIP main mode negotiation policy.

Note  IKEEXT_POLICY0 is the specific implementation of IKEEXT_POLICY used in Windows Vista. See WFP Version-Independent Names and Targeting Specific Versions of Windows for more information. For Windows 7, IKEEXT_POLICY1 is available. For Windows 8, IKEEXT_POLICY2 is available.
 

Syntax


typedef struct IKEEXT_POLICY0_ {
  UINT32                                   softExpirationTime;
  UINT32                                   numAuthenticationMethods;
  IKEEXT_AUTHENTICATION_METHOD0            *authenticationMethods;
  IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE initiatorImpersonationType;
  UINT32                                   numIkeProposals;
  IKEEXT_PROPOSAL0                         *ikeProposals;
  UINT32                                   flags;
  UINT32                                   maxDynamicFilters;
} IKEEXT_POLICY0;

Members

softExpirationTime

Unused parameter, always set this to 0.

numAuthenticationMethods

Number of authentication methods.

authenticationMethods

Array of acceptable authentication methods.

See IKEEXT_AUTHENTICATION_METHOD0 for more information.

initiatorImpersonationType

Type of impersonation. Applies only to AuthIP.

See IKEEXT_AUTHENTICATION_IMPERSONATION_TYPE for more information.

numIkeProposals

Number of main mode proposals.

ikeProposals

Array of main mode proposals.

See IKEEXT_PROPOSAL0 for more information.

flags

A combination of the following values.

IKE/AuthIP policy flagMeaning
IKEEXT_POLICY_FLAG_DISABLE_DIAGNOSTICS

Disable special diagnostics mode for IKE/Authip. This will prevent IKE/AuthIp from accepting unauthenticated notifications from peer, or sending MS_STATUS notifications to peer.

IKEEXT_POLICY_FLAG_NO_MACHINE_LUID_VERIFY

Disable SA verification of machine LUID.

IKEEXT_POLICY_FLAG_NO_IMPERSONATION_LUID_VERIFY

Disable SA verification of machine impersonation LUID.

Applicable only to AuthIP.

IKEEXT_POLICY_FLAG_ENABLE_OPTIONAL_DH

Allow the responder to accept any DH proposal, including no DH, regardless of what is configured in policy.

Applicable only to AuthIP.

 

maxDynamicFilters

Maximum number of dynamic IPsec filters per remote IP address and per transport layer that is allowed to be added for any SA negotiated using this policy.

Set this to 0 to disable dynamic filter addition. Dynamic filters are added by IKE/AuthIP on responder, when the QM traffic proposed by initiator is a subset of responder's traffic configuration.

Requirements

Minimum supported client

Windows Vista [desktop apps only]

Minimum supported server

Windows Server 2008 [desktop apps only]

Header

Iketypes.h

IDL

Iketypes.idl

See also

Windows Filtering Platform API Structures

 

 

Show: