4.1.1 Policy Creation

The protocol messages exchanged to create the policy are as follows.

An LDAP addRequest message that creates the ipsecPolicy object consists of the following.

  • CN=ipsecPolicy{E514E247-80C3-429A-8D69-74BD54FEB31E},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com

  • objectClass = "ipsecPolicy"

  • ipsecName = "Domain Isolation Policy"

  • description = "Policy to secure corporate network traffic"

  • ipsecID = "{E514E247-80C3-429A-8D69-74BD54FEB31E}"

  • distinguishedName = "CN=ipsecPolicy{E514E247-80C3-429A-8D69-74BD54FEB31E},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecDataType = "256"

  • ipsecData = << 25-byte Octet String of IPsec policy data >>

An LDAP addRequest message that creates the ipsecISAKMPPolicy object consists of the following.

  • CN=ipsecISAKMPPolicy{12A63239-DFB6-4F7A-9E84-FEA90E81202A},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com

  • objectClass = "ipsecISAKMPPolicy"

  • ipsecName = "All Traffic Filter"

  • ipsecID = "{12A63239-DFB6-4F7A-9E84-FEA90E81202A}"

  • distinguishedName = "CN=ipsecISAKMPPolicy{12A63239-DFB6-4F7A-9E84-FEA90E81202A},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecOwnersReference = "CN=ipsecPolicy{E514E247-80C3-429A-8D69-74BD54FEB31E},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecDataType = "256"

  • ipsecData = << 293-byte Octet String of IPsec (ISAKMP) policy data >>

An LDAP addRequest message that creates the ipsecNFA object consists of the following.

  • CN=ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com

  • objectClass = "ipsecNFA"

  • ipsecName = "All Traffic Filters"

  • description = "Me to Any Filters for traffic protection"

  • ipsecID = "{116CA92D-D536-4A44-BDCE-17D8363ED949}"

  • distinguishedName = "CN=ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecOwnersReference = "CN=ipsecPolicy{E514E247-80C3-429A-8D69-74BD54FEB31E},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecDataType = "256"

  • ipsecData = << 172-byte Octet String of IPsec (NFA) policy data >>

An LDAP addRequest message that creates the ipsecNegotiationPolicy object consists of the following.

  • CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com

  • objectClass = "ipsecNegotiationPolicy"

  • ipsecName = "All Traffic Filter"

  • description = "Secure the traffic with ESP(3DES)"

  • ipsecID = "{72385233-70FA-11D1-864C-14A300000000}"

  • distinguishedName = "CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecOwnersReference = "CN=ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecNegotiationPolicyAction = "{3F91A819-7647-11D1-864D-D46A00000000}"

  • ipsecNegotiationPolicyType = "{62F49E10-6C37-11D1-864C-14A300000000}"

  • ipsecDataType = "256"

  • ipsecData = << 43-byte Octet String of IPsec (Negotiation) policy data >>

An LDAP addRequest message that creates the ipsecFilter object consists of the following.

  • CN=ipsecFilter{2FE2FD79-0389-4D6C-8794-55C4D444DB31},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com

  • objectClass = "ipsecFilter"

  • ipsecName = "All Traffic Filter"

  • description = "Protect all traffic to my servers"

  • ipsecID = "{2FE2FD79-0389-4D6C-8794-55C4D444DB31}"

  • distinguishedName = "CN=ipsecFilter{2FE2FD79-0389-4D6C-8794-55C4D444DB31},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecOwnersReference = "CN=ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecDataType = "256"

  • ipsecData = << 108-byte Octet String of IPsec (Filter) policy data >>

An LDAP modifyRequest message (with the replace operation) for the ipsecPolicy object consists of the following.

  • CN=ipsecPolicy{E514E247-80C3-429A-8D69-74BD54FEB31E},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com

  • ipsecISAKMPReference = "CN=ipsecISAKMPPolicy{12A63239-DFB6-4F7A-9E84-FEA90E81202A},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecNFAReference = "CN=ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

An LDAP modifyRequest message (with the replace operation) for the ipsecNFA object consists of the following.

  • CN=ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com

  • ipsecNegotiationPolicyReference = "CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecFilterReference = "CN=ipsecFilter{2FE2FD79-0389-4D6C-8794-55C4D444DB31},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"
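As an added example, not code from the specification, the following Python replays the add and modify sequence of this section into a constructed in-memory directory and audits the resulting reference graph: each ipsec*Reference must resolve to an existing object of the matching class, and that object must carry an ipsecOwnersReference back to the referrer. The reference-to-class mapping and the back-link expectation are assumptions read off the sequence above; the ipsecData blobs are omitted.

```python
# Added example, not code from the MS-GPIPSEC specification: replay the add/modify sequence
# above into a constructed in-memory directory and audit the resulting reference graph.
import re
BASE = "CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"
# Assumed from this section: reference attribute -> objectClass of the object it points at.
REF_CLASS = {"ipsecISAKMPReference": "ipsecISAKMPPolicy", "ipsecNFAReference": "ipsecNFA",
             "ipsecNegotiationPolicyReference": "ipsecNegotiationPolicy", "ipsecFilterReference": "ipsecFilter"}
def norm_dn(dn):  # canonical form for comparison: no spaces around ',' or '=', case folded
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).upper()

def replay(ops):  # ops are (op, dn, attrs); 'add' creates an object, 'replace' overwrites attributes
    objs = {}
    for op, target, attrs in ops:
        vals = {k: (v if isinstance(v, list) else [v]) for k, v in attrs.items()}  # keep all multi-valued
        if op == "add":
            objs[norm_dn(target)] = vals
        else:  # replace: the object must already exist, as in the sequence above
            objs[norm_dn(target)].update(vals)
    return objs

def audit(objs):
    """Findings: dangling references, targets of the wrong class, missing ipsecOwnersReference back-links."""
    findings = []
    for key, attrs in objs.items():
        for attr, cls in REF_CLASS.items():
            for ref in attrs.get(attr, []):
                tgt = objs.get(norm_dn(ref))
                if tgt is None:
                    findings.append(f"dangling {attr} on {key}")
                elif tgt["objectClass"] != [cls]:
                    findings.append(f"{attr} on {key} points at a {tgt['objectClass'][0]}")
                elif key not in map(norm_dn, tgt.get("ipsecOwnersReference", [])):
                    findings.append(f"no ipsecOwnersReference from {norm_dn(ref)} back to {key}")
    return findings

def obj(cls, guid): return f"CN={cls}{{{guid}}},{BASE}"
POL = obj("ipsecPolicy", "E514E247-80C3-429A-8D69-74BD54FEB31E")
ISA = obj("ipsecISAKMPPolicy", "12A63239-DFB6-4F7A-9E84-FEA90E81202A")
NFA = obj("ipsecNFA", "116CA92D-D536-4A44-BDCE-17D8363ED949")
NEG = obj("ipsecNegotiationPolicy", "72385233-70FA-11D1-864C-14A300000000")
FLT = obj("ipsecFilter", "2FE2FD79-0389-4D6C-8794-55C4D444DB31")
SEQUENCE = [  # the five addRequests, then the two modifyRequests (ipsecData blobs omitted)
    ("add", POL, {"objectClass": "ipsecPolicy"}),
    ("add", ISA, {"objectClass": "ipsecISAKMPPolicy", "ipsecOwnersReference": POL}),
    ("add", NFA, {"objectClass": "ipsecNFA", "ipsecOwnersReference": POL}),
    ("add", NEG, {"objectClass": "ipsecNegotiationPolicy", "ipsecOwnersReference": NFA}),
    ("add", FLT, {"objectClass": "ipsecFilter", "ipsecOwnersReference": NFA}),
    ("replace", POL, {"ipsecISAKMPReference": ISA, "ipsecNFAReference": [NFA]}),
    ("replace", NFA, {"ipsecNegotiationPolicyReference": NEG, "ipsecFilterReference": [FLT]}),
]
```

Running `audit(replay(SEQUENCE))` on the complete sequence returns no findings; dropping the ipsecFilter addRequest, or creating it without its ipsecOwnersReference, produces a finding against the ipsecNFA object's ipsecFilterReference.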