4.2.2 Retrieving the Assigned Policy Data

The following protocol messages are exchanged to retrieve the assigned policy data:

LDAP searchRequest message, as specified in ipsecPolicy Object Attribute Details (section 2.2.1.1):

  • Location: CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com

  • Filter: (&(objectclass=ipsecPolicy)(cn=ipsecPolicy{E514E247-80C3-429A-8D69-74BD54FEB31E}))

  • Attributes: ipsecName, description, ipsecID, distinguishedName, ipsecISAKMPReference, ipsecNFAReference, ipsecDataType, ipsecData

The data returned is as follows:

  • ipsecName = "Domain Isolation Policy"

  • description = "Policy to secure corporate network traffic"

  • ipsecID = "{E514E247-80C3-429A-8D69-74BD54FEB31E}"

  • distinguishedName = "CN=ipsecPolicy{E514E247-80C3-429A-8D69-74BD54FEB31E},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecISAKMPReference = "CN=ipsecISAKMPPolicy{12A63239-DFB6-4F7A-9E84-FEA90E81202A},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecNFAReference = "CN=ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecDataType = "256"

  • ipsecData = << 25-byte Octet String of IPsec policy data >>

LDAP searchRequest message, as specified in ipsecISAKMPPolicy Object Attribute Details (section 2.2.1.2):

  • Location: CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com

  • Filter: (&(objectclass=ipsecISAKMPPolicy)(cn=ipsecISAKMPPolicy{12A63239-DFB6-4f7A-9E84-FEA90E81202A}))

  • Attributes: ipsecName, ipsecID, distinguishedName, ipsecOwnersReference, ipsecDataType, ipsecData

The data returned is as follows:

  • ipsecName = ""

  • ipsecID = "{12A63239-DFB6-4F7A-9E84-FEA90E81202A}"

  • distinguishedName = "CN=ipsecISAKMPPolicy{12A63239-DFB6-4F7A-9E84-FEA90E81202A},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecOwnersReference = "CN=ipsecPolicy{E514E247-80C3-429A-8D69-74BD54FEB31E},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecDataType = "256"

  • ipsecData = << 293-byte Octet String of IPsec (ISAKMP) policy data >>

LDAP searchRequest message, as specified in ipsecNFA Object Attribute Details (section 2.2.1.3):

  • Location: CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com

  • Filter: (&(objectclass=ipsecNFA)(cn=ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949}))

  • Attributes: ipsecName, description, ipsecID, distinguishedName, ipsecOwnersReference, ipsecNegotiationPolicyReference, ipsecDataType, ipsecData

The data returned is as follows:

  • ipsecName = "All Traffic Filters"

  • description = "Me to Any Filters for traffic protection"

  • ipsecID = "{116CA92D-D536-4A44-BDCE-17D8363ED949}"

  • distinguishedName = "CN=ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecOwnersReference = "CN=ipsecPolicy{E514E247-80C3-429A-8D69-74BD54FEB31E},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecFilterReference = "CN=ipsecFilter{2FE2FD79-0389-4D6C-8794-55C4D444DB31},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecNegotiationPolicyReference = "CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecDataType = "256"

  • ipsecData = << 172-byte Octet String of IPsec (NFA) policy data >>

LDAP searchRequest message, as specified in ipsecNegotiationPolicy Object Attribute Details (section 2.2.1.4):

  • Location: CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com

  • Filter: (&(objectclass=ipsecNegotiationPolicy)(cn=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000}))

  • Attributes: ipsecName, description, ipsecID, distinguishedName, ipsecOwnersReference, ipsecNegotiationPolicyAction, ipsecNegotiationPolicyType, ipsecDataType, ipsecData

The data returned is as follows:

  • ipsecName = ""

  • description = "Secure the traffic with ESP(3DES)"

  • ipsecID = "{72385233-70FA-11D1-864C-14A300000000}"

  • distinguishedName = "CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecOwnersReference = "CN=ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecNegotiationPolicyAction = "{8A171DD3-77E3-11D1-8659-A04F00000000}"

  • ipsecNegotiationPolicyType = "{62F49E10-6C37-11D1-864C-14A300000000}"

  • ipsecDataType = "256"

  • ipsecData = << 43-byte Octet String of IPsec (Negotiation) policy data >>

LDAP searchRequest message, as specified in ipsecFilter Object Attribute Details (section 2.2.1.5):

  • Location: CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com

  • Filter: (&(objectclass=ipsecFilter)(cn=ipsecFilter{2FE2FD79-0389-4D6C-8794-55C4D444DB31}))

  • Attributes: ipsecName, description, ipsecID, distinguishedName, ipsecOwnersReference, ipsecDataType, ipsecData

The data returned is as follows:

  • ipsecName = "All Traffic Filter"

  • description = "Protect all traffic to my servers"

  • ipsecID = "{2FE2FD79-0389-4D6C-8794-55C4D444DB31}"

  • distinguishedName = "CN=ipsecFilter{2FE2FD79-0389-4D6C-8794-55C4D444DB31},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecOwnersReference = "CN=ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949},CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"

  • ipsecDataType = "256"

  • ipsecData = << 108-byte Octet String of IPsec (Filter) policy data >>
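
The five searches above form a reference chain: the policy object names its ISAKMP policy and NFA, and the NFA names its negotiation policy and filter. The following is an added example, not part of the specification: it walks those references over a constructed copy of the returned values, rebuilds each search filter, and checks that every child's ipsecOwnersReference points back at the object that referenced it. The function names and the SAMPLE dictionary are assumptions, and the DN tidy-up assumes RDN values contain no escaped commas.

```python
import re

BASE = "CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"
REF_ATTRS = [f"ipsec{n}Reference" for n in ("ISAKMP", "NFA", "NegotiationPolicy", "Filter")]

def tidy(dn):  # drop padding around ',' and '=' as in "CN= x, DC=y"
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip())

def search_for(dn):
    # (base, filter) for a referenced object; value escaped per RFC 4515
    rdn, _, base = tidy(dn).partition(",")
    cn = re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()),
                rdn.split("=", 1)[-1])
    return base, "(&(objectclass=%s)(cn=%s))" % (cn.split("{")[0], cn)

def walk(directory, root):
    # Follow references from the policy object; return (searches, problems)
    index = {tidy(k).casefold(): v for k, v in directory.items()}
    searches, problems, queue, seen = [], [], [(root, None)], set()
    while queue:
        dn, owner = queue.pop(0)
        key = tidy(dn).casefold()
        if key in seen:
            continue
        seen.add(key)
        searches.append(search_for(dn))
        entry = index.get(key)
        if entry is None:
            problems.append(f"dangling reference: {dn}")
            continue
        back = tidy(entry.get("ipsecOwnersReference", "")).casefold()
        if owner and back != tidy(owner).casefold():
            problems.append(f"owner mismatch on {dn}")
        queue += [(entry[a], dn) for a in REF_ATTRS if a in entry]
    return searches, problems

# Constructed sample mirroring the values listed above
POLICY = "CN=ipsecPolicy{E514E247-80C3-429A-8D69-74BD54FEB31E}," + BASE
ISAKMP = "CN=ipsecISAKMPPolicy{12A63239-DFB6-4F7A-9E84-FEA90E81202A}," + BASE
NFA = "CN=ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949}," + BASE
NEG = "CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000}," + BASE
FILTER = "CN=ipsecFilter{2FE2FD79-0389-4D6C-8794-55C4D444DB31}," + BASE
SAMPLE = {
    POLICY: {"ipsecISAKMPReference": ISAKMP, "ipsecNFAReference": NFA},
    ISAKMP: {"ipsecOwnersReference": POLICY},
    NFA: {"ipsecOwnersReference": POLICY,
          "ipsecNegotiationPolicyReference": NEG, "ipsecFilterReference": FILTER},
    NEG: {"ipsecOwnersReference": NFA.replace("CN=", "CN= ", 1)},
    FILTER: {"ipsecOwnersReference": NFA},
}
```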