4.1.1 Policy Creation
The following protocol messages are exchanged to create the policy.
An LDAP addRequest message consists of the following.
CN=ipsecPolicy{E514E247-80C3-429A-8D69-74BD54FEB31E},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com
objectClass = "ipsecPolicy"
ipsecName = "Domain Isolation Policy"
description = "Policy to secure corporate network traffic"
ipsecID = "{E514E247-80C3-429A-8D69-74BD54FEB31E}"
distinguishedName = "CN=ipsecPolicy{E514E247-80C3-429A-8D69-74BD54FEB31E},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"
ipsecDataType = "256"
ipsecData = << 25-byte Octet String of IPsec policy data >>
An LDAP addRequest message consists of the following.
CN=ipsecISAKMPPolicy{12A63239-DFB6-4f7A-9E84-FEA90E81202A},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com
objectClass = "ipsecISAKMPPolicy"
ipsecName = "All Traffic Filter"
ipsecID = "{12A63239-DFB6-4F7A-9E84-FEA90E81202A}"
distinguishedName = "CN=ipsecISAKMPPolicy{12A63239-DFB6-4f7A-9E84-FEA90E81202A},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"
ipsecOwnersReference = "CN=ipsecPolicy{E514E247-80C3-429A-8D69-74BD54FEB31E},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"
ipsecDataType = "256"
ipsecData = << 293-byte Octet String of IPsec (ISAKMP) policy data >>
An LDAP addRequest message consists of the following.
CN=ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com
objectClass = "ipsecNFA"
ipsecName = "All Traffic Filters"
description = "Me to Any Filters for traffic protection"
ipsecID = "{116CA92D-D536-4A44-BDCE-17D8363ED949}"
distinguishedName = "CN=ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"
ipsecOwnersReference = "CN=ipsecPolicy{E514E247-80C3-429A-8D69-74BD54FEB31E},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"
ipsecDataType = "256"
ipsecData = << 172-byte Octet String of IPsec (NFA) policy data >>
An LDAP addRequest message consists of the following.
CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com
objectClass = "ipsecNegotiationPolicy"
ipsecName = "All Traffic Filter"
description = "Secure the traffic with ESP(3DES)"
ipsecID = "{72385233-70FA-11D1-864C-14A300000000}"
distinguishedName = "CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"
ipsecOwnersReference = "CN=ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"
ipsecNegotiationPolicyAction = "{3F91A819-7647-11D1-864D-D46A00000000}"
ipsecNegotiationPolicyType = "{62F49E10-6C37-11D1-864C-14A300000000}"
ipsecDataType = "256"
ipsecData = << 43-byte Octet String of IPsec (Negotiation) policy data >>
An LDAP addRequest message consists of the following.
CN=ipsecFilter{2FE2FD79-0389-4D6C-8794-55C4D444DB31},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com
objectClass = "ipsecFilter"
ipsecName = "All Traffic Filter"
description = "Protect all traffic to my servers"
ipsecID = "{2FE2FD79-0389-4D6C-8794-55C4D444DB31}"
distinguishedName = "CN=ipsecFilter{2FE2FD79-0389-4D6C-8794-55C4D444DB31},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"
ipsecOwnersReference = "CN=ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"
ipsecDataType = "256"
ipsecData = << 108-byte Octet String of IPsec (Filter) policy data >>
An LDAP modifyRequest (with the replace operation) message consists of the following:
CN=ipsecPolicy{E514E247-80C3-429A-8D69-74BD54FEB31E},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com
ipsecISAKMPReference = "CN=ipsecISAKMPPolicy{12A63239-DFB6-4f7A-9E84-FEA90E81202A},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"
ipsecNFAReference = "CN=ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"
An LDAP modifyRequest (with the replace operation) message consists of the following:
CN=ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com
ipsecNegotiationPolicyReference = "CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"
ipsecFilterReference = "CN=ipsecFilter{2FE2FD79-0389-4D6C-8794-55C4D444DB31},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"
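The messages above form a linked object graph: each child object names its owner in ipsecOwnersReference, and the two modifyRequest messages set the forward references on the owners. The following Python check is an added example, not part of the specification: it audits a set of such objects for dangling or one-way references, using the DNs from this section as constructed sample data. The function names and dictionary layout are assumptions, and DN comparison is simplified to whitespace- and case-insensitive matching rather than full LDAP distinguishedNameMatch.

```python
import re

SUFFIX = "CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"
FORWARD_ATTRS = ("ipsecISAKMPReference", "ipsecNFAReference",
                 "ipsecNegotiationPolicyReference", "ipsecFilterReference")

def norm_dn(dn):
    """Simplified comparison key: drop whitespace around ',' and '=', fold case."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).casefold()

def dn(cls, guid):
    """Build an object DN in the form used in this section (hypothetical helper)."""
    return f"CN={cls}{{{guid}}},{SUFFIX}"

def audit_links(objects):
    """Return findings for dangling forward references and missing back references."""
    index = {norm_dn(o["dn"]): o for o in objects}
    findings = []
    for obj in objects:
        for attr in FORWARD_ATTRS:
            for ref in obj.get(attr, []):
                target = index.get(norm_dn(ref))
                if target is None:
                    findings.append(f"dangling {attr} on {obj['dn']}: {ref}")
                    continue
                owners = {norm_dn(o) for o in target.get("ipsecOwnersReference", [])}
                if norm_dn(obj["dn"]) not in owners:
                    findings.append(f"{target['dn']} does not list {obj['dn']} as owner")
    return findings

# Constructed sample mirroring the objects in this section (ipsecData omitted).
POLICY = dn("ipsecPolicy", "E514E247-80C3-429A-8D69-74BD54FEB31E")
ISAKMP = dn("ipsecISAKMPPolicy", "12A63239-DFB6-4f7A-9E84-FEA90E81202A")
NFA = dn("ipsecNFA", "116CA92D-D536-4A44-BDCE-17D8363ED949")
NEG = dn("ipsecNegotiationPolicy", "72385233-70FA-11D1-864C-14A300000000")
FILTER = dn("ipsecFilter", "2FE2FD79-0389-4D6C-8794-55C4D444DB31")

def sample_objects():
    # Some references carry stray spaces on purpose to exercise norm_dn().
    return [
        {"dn": POLICY, "ipsecISAKMPReference": [ISAKMP],
         "ipsecNFAReference": [" " + NFA.replace(",", ", ") + " "]},
        {"dn": ISAKMP, "ipsecOwnersReference": [POLICY]},
        {"dn": NFA, "ipsecOwnersReference": [POLICY],
         "ipsecNegotiationPolicyReference": [NEG.replace("CN=", "CN= ", 1)],
         "ipsecFilterReference": [FILTER]},
        {"dn": NEG, "ipsecOwnersReference": [NFA]},
        {"dn": FILTER, "ipsecOwnersReference": [NFA]},
    ]

if __name__ == "__main__":
    for line in audit_links(sample_objects()) or ["all references resolve both ways"]:
        print(line)
```
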