IPSEC_TRANSPORT_POLICY1 structure

The IPSEC_TRANSPORT_POLICY1 structure stores the quick mode negotiation policy for transport mode IPsec.

Note: IPSEC_TRANSPORT_POLICY1 is the specific implementation of IPSEC_TRANSPORT_POLICY used in Windows 7. See WFP Version-Independent Names and Targeting Specific Versions of Windows for more information. For Windows Vista, IPSEC_TRANSPORT_POLICY0 is available. For Windows 8, IPSEC_TRANSPORT_POLICY2 is available.

Syntax


typedef struct IPSEC_TRANSPORT_POLICY1_ {
  UINT32                 numIpsecProposals;
  IPSEC_PROPOSAL0        *ipsecProposals;
  UINT32                 flags;
  UINT32                 ndAllowClearTimeoutSeconds;
  IPSEC_SA_IDLE_TIMEOUT0 saIdleTimeout;
  IKEEXT_EM_POLICY1      *emPolicy;
} IPSEC_TRANSPORT_POLICY1;

Members

numIpsecProposals

Number of quick mode proposals in the policy.

ipsecProposals

Array of quick mode proposals.

See IPSEC_PROPOSAL0 for more information.

flags

A combination of the following values.

IPsec policy flag / Meaning

IPSEC_POLICY_FLAG_ND_SECURE

Do negotiation discovery in the secure ring.

IPSEC_POLICY_FLAG_ND_BOUNDARY

Do negotiation discovery in the untrusted perimeter zone.

IPSEC_POLICY_FLAG_NAT_ENCAP_ALLOW_PEER_BEHIND_NAT

If set, IPsec expects that either the local or remote machine is behind a network address translation (NAT) device, but not both. This allows for less secure, but more flexible behavior.

IPSEC_POLICY_FLAG_NAT_ENCAP_ALLOW_GENERAL_NAT_TRAVERSAL

If set, IPsec expects default ports when either the local, the remote, or both machines are behind a NAT device.

IPSEC_POLICY_FLAG_DONT_NEGOTIATE_SECOND_LIFETIME

If set, Internet Key Exchange (IKE) will not send the ISAKMP attribute for 'seconds' lifetime during quick mode negotiation.

IPSEC_POLICY_FLAG_DONT_NEGOTIATE_BYTE_LIFETIME

If set, IKE will not send the ISAKMP attribute for 'byte' lifetime during quick mode negotiation.

ndAllowClearTimeoutSeconds

Timeout in seconds, after which the IPsec security association (SA) should stop accepting packets coming in the clear. Used for negotiation discovery.

saIdleTimeout

An IPSEC_SA_IDLE_TIMEOUT0 structure that specifies the SA idle timeout in IPsec policy.

emPolicy

The AuthIP extended mode authentication policy.

See IKEEXT_EM_POLICY1 for more information.
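
A review helper for the members described above, added here as an example and not taken from the Windows SDK or this documentation: it reports policy settings worth a second look, such as the NAT flag the table calls less secure or a long cleartext window under negotiation discovery. The finding names, `audit_transport_policy`, the `maxClearSeconds` limit, the stand-in nested types and the flag bit values are assumptions made so the code builds without the SDK headers.

```c
#include <stdint.h>
#include <stdio.h>
/* Stand-ins so this builds without the Windows SDK; on Windows use the
 * definitions from Ipsectypes.h. Flag bit values are placeholders (assumed),
 * not copied from the header; nested types are reduced to what is needed. */
typedef uint32_t UINT32;
typedef struct IPSEC_PROPOSAL0_ { int standIn; } IPSEC_PROPOSAL0;
typedef struct IKEEXT_EM_POLICY1_ IKEEXT_EM_POLICY1;
typedef struct { UINT32 idleTimeoutSeconds; } IPSEC_SA_IDLE_TIMEOUT0;
#define IPSEC_POLICY_FLAG_ND_SECURE                        0x02u
#define IPSEC_POLICY_FLAG_ND_BOUNDARY                      0x04u
#define IPSEC_POLICY_FLAG_NAT_ENCAP_ALLOW_PEER_BEHIND_NAT  0x10u
#define IPSEC_POLICY_FLAG_DONT_NEGOTIATE_SECOND_LIFETIME   0x40u
#define IPSEC_POLICY_FLAG_DONT_NEGOTIATE_BYTE_LIFETIME     0x80u
typedef struct IPSEC_TRANSPORT_POLICY1_ {
  UINT32                 numIpsecProposals;
  IPSEC_PROPOSAL0        *ipsecProposals;
  UINT32                 flags;
  UINT32                 ndAllowClearTimeoutSeconds;
  IPSEC_SA_IDLE_TIMEOUT0 saIdleTimeout;
  IKEEXT_EM_POLICY1      *emPolicy;
} IPSEC_TRANSPORT_POLICY1;
/* Review findings (hypothetical names), returned as a bit mask. */
#define FINDING_NO_PROPOSALS   0x1u /* zero count or NULL proposal array */
#define FINDING_NAT_RELAXED    0x2u /* peer-behind-NAT flag: "less secure" */
#define FINDING_CLEAR_TOO_LONG 0x4u /* ND accepts cleartext past the limit */
#define FINDING_NO_LIFETIMES   0x8u /* neither lifetime attribute is sent */
/* maxClearSeconds is the reviewer's own limit, not a Windows default. */
UINT32 audit_transport_policy(const IPSEC_TRANSPORT_POLICY1 *p, UINT32 maxClearSeconds) {
  const UINT32 nd = IPSEC_POLICY_FLAG_ND_SECURE | IPSEC_POLICY_FLAG_ND_BOUNDARY;
  const UINT32 noLife = IPSEC_POLICY_FLAG_DONT_NEGOTIATE_SECOND_LIFETIME |
                        IPSEC_POLICY_FLAG_DONT_NEGOTIATE_BYTE_LIFETIME;
  UINT32 f = 0;
  if (p->numIpsecProposals == 0 || p->ipsecProposals == NULL) f |= FINDING_NO_PROPOSALS;
  if (p->flags & IPSEC_POLICY_FLAG_NAT_ENCAP_ALLOW_PEER_BEHIND_NAT) f |= FINDING_NAT_RELAXED;
  /* The clear-text timeout only matters when negotiation discovery is on. */
  if ((p->flags & nd) && p->ndAllowClearTimeoutSeconds > maxClearSeconds)
    f |= FINDING_CLEAR_TOO_LONG;
  if ((p->flags & noLife) == noLife) f |= FINDING_NO_LIFETIMES;
  return f;
}
int main(void) {
  IPSEC_PROPOSAL0 proposals[1] = {{0}};   /* constructed sample input */
  IPSEC_TRANSPORT_POLICY1 p = {1, proposals, IPSEC_POLICY_FLAG_ND_BOUNDARY |
      IPSEC_POLICY_FLAG_NAT_ENCAP_ALLOW_PEER_BEHIND_NAT, 600, {300}, NULL};
  printf("findings: 0x%x\n", (unsigned)audit_transport_policy(&p, 60));
  return 0;
}
```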

Requirements

Minimum supported client

Windows 7 [desktop apps only]

Minimum supported server

Windows Server 2008 R2 [desktop apps only]

Header

Ipsectypes.h

IDL

Ipsectypes.idl

See also

Windows Filtering Platform API Structures
IPSEC_PROPOSAL0
IPSEC_SA_IDLE_TIMEOUT0
IKEEXT_EM_POLICY1