IPSEC_TRANSPORT_POLICY1 structure (ipsectypes.h)

The IPSEC_TRANSPORT_POLICY1 structure stores the quick mode negotiation policy for transport mode IPsec. IPSEC_TRANSPORT_POLICY2 is available.

Syntax

typedef struct IPSEC_TRANSPORT_POLICY1_ {
  UINT32                 numIpsecProposals;
  IPSEC_PROPOSAL0        *ipsecProposals;
  UINT32                 flags;
  UINT32                 ndAllowClearTimeoutSeconds;
  IPSEC_SA_IDLE_TIMEOUT0 saIdleTimeout;
  IKEEXT_EM_POLICY1      *emPolicy;
} IPSEC_TRANSPORT_POLICY1;

Members

numIpsecProposals

Number of quick mode proposals in the policy.

ipsecProposals

Array of quick mode proposals.

See IPSEC_PROPOSAL0 for more information.

flags

A combination of the following values.

IPsec policy flag Meaning
IPSEC_POLICY_FLAG_ND_SECURE
Do negotiation discovery in secure ring.
IPSEC_POLICY_FLAG_ND_BOUNDARY
Do negotiation discovery in the untrusted perimeter zone.
IPSEC_POLICY_FLAG_NAT_ENCAP_ALLOW_PEER_BEHIND_NAT
If set, IPsec expects that either the local or remote machine is behind a network address translation (NAT) device, but not both. This allows for less secure, but more flexible behavior.
IPSEC_POLICY_FLAG_NAT_ENCAP_ALLOW_GENERAL_NAT_TRAVERSAL
If set, IPsec expects default ports when either the local, the remote, or both machines are behind a NAT device.
IPSEC_POLICY_FLAG_DONT_NEGOTIATE_SECOND_LIFETIME
If set, Internet Key Exchange (IKE) will not send the ISAKMP attribute for 'seconds' lifetime during quick mode negotiation.
IPSEC_POLICY_FLAG_DONT_NEGOTIATE_BYTE_LIFETIME
If set, IKE will not send the ISAKMP attribute for 'byte' lifetime during quick mode negotiation.

ndAllowClearTimeoutSeconds

Timeout in seconds, after which the IPsec security association (SA) should stop accepting packets coming in the clear. Used for negotiation discovery.

saIdleTimeout

An IPSEC_SA_IDLE_TIMEOUT0 structure that specifies the SA idle timeout in IPsec policy.

emPolicy

The AuthIP extended mode authentication policy.

See IKEEXT_EM_POLICY1 for more information.

Requirements

   
Minimum supported client Windows 7 [desktop apps only]
Minimum supported server Windows Server 2008 R2 [desktop apps only]
Header ipsectypes.h

See also

IKEEXT_EM_POLICY1

IPSEC_PROPOSAL0

IPSEC_SA_IDLE_TIMEOUT0

Windows Filtering Platform API Structures