Edit

IPSEC_TRANSPORT_POLICY2 structure (ipsectypes.h)

  • Article

The IPSEC_TRANSPORT_POLICY2 structure stores the quick mode negotiation policy for transport mode IPsec. IPSEC_TRANSPORT_POLICY0 is available.

Syntax

typedef struct IPSEC_TRANSPORT_POLICY2_ {
  UINT32                 numIpsecProposals;
  IPSEC_PROPOSAL0        *ipsecProposals;
  UINT32                 flags;
  UINT32                 ndAllowClearTimeoutSeconds;
  IPSEC_SA_IDLE_TIMEOUT0 saIdleTimeout;
  IKEEXT_EM_POLICY2      *emPolicy;
} IPSEC_TRANSPORT_POLICY2;

Members

numIpsecProposals

Type: UINT32

Number of quick mode proposals in the policy.

ipsecProposals

Type: IPSEC_PROPOSAL0*

Array of quick mode proposals.

flags

Type: UINT32

A combination of the following values.

IPsec policy flag Meaning
IPSEC_POLICY_FLAG_ND_SECURE
 Do negotiation discovery in secure ring.
IPSEC_POLICY_FLAG_ND_BOUNDARY
 Do negotiation discovery in the untrusted perimeter zone.
IPSEC_POLICY_FLAG_NAT_ENCAP_ALLOW_PEER_BEHIND_NAT
 If set, IPsec expects that either the local or remote machine is behind a network address translation (NAT) device, but not both. This allows for less secure, but more flexible behavior.
IPSEC_POLICY_FLAG_NAT_ENCAP_ALLOW_GENERAL_NAT_TRAVERSAL
 If set, IPsec expects default ports when either the local, the remote, or both machines are behind a NAT device.
IPSEC_POLICY_FLAG_DONT_NEGOTIATE_SECOND_LIFETIME
 If set, Internet Key Exchange (IKE) will not send the ISAKMP attribute for 'seconds' lifetime during quick mode negotiation.
IPSEC_POLICY_FLAG_DONT_NEGOTIATE_BYTE_LIFETIME
 If set, IKE will not send the ISAKMP attribute for 'byte' lifetime during quick mode negotiation.
IPSEC_POLICY_FLAG_KEY_MANAGER_ALLOW_DICTATE_KEY
 Allow key dictation for quick mode policy. Applicable only for AuthIP policy.
IPSEC_POLICY_FLAG_KEY_MANAGER_ALLOW_NOTIFY_KEY
Allow key notification for quick mode policy. Applicable for AuthIP/IKE/IKEv2 policy.

ndAllowClearTimeoutSeconds

Type: UINT32

Timeout in seconds, after which the IPsec security association (SA) should stop accepting packets coming in the clear. Used for negotiation discovery.

saIdleTimeout

Type: IPSEC_SA_IDLE_TIMEOUT0

The SA idle timeout in IPsec policy.

emPolicy

Type: IKEEXT_EM_POLICY2*

The AuthIP extended mode authentication policy.

Requirements

Requirement Value
Minimum supported client Windows 8 [desktop apps only]
Minimum supported server Windows Server 2012 [desktop apps only]
Header ipsectypes.h

See also

IKEEXT_EM_POLICY2

IPSEC_PROPOSAL0

IPSEC_SA_IDLE_TIMEOUT0

Windows Filtering Platform API Structures