4.2.2 Retrieving the Assigned Policy Data
The protocol messages that occur to retrieve the assigned policy data are as follows:
LDAP searchRequest message, as specified in ipsecPolicy Object Attribute Details (section 2.2.1.1):
Location: CN=IP Security, CN=System, DC=myDomain,DC=contoso,DC=com
Filter: (&(objectclass=ipsecPolicy)(cn=ipsecPolicy{E514E247-80C3-429A-8D69-74BD54FEB31E}))
Attributes: ipsecName, description, ipsecID, distinguishedName, ipsecISAKMPReference, ipsecNFAReference, ipsecDataType, ipsecData
The data returned is as follows:
ipsecName = "Domain Isolation Policy"
description = "Policy to secure corporate network traffic"
ipsecID = "{E514E247-80C3-429A-8D69-74BD54FEB31E}"
distinguishedName = "CN=ipsecPolicy{E514E247-80C3-429A-8D69-74BD54FEB31E},CN=IP Security,CN=System,DC=myDomain, DC=contoso,DC=com"
ipsecISAKMPReference = "ipsecISAKMPPolicy{12A63239-DFB6-4F7A-9E84-FEA90E81202A},CN=IP Security,CN=System,DC=myDomain, DC=contoso,DC=com"
ipsecNFAReference = "ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949},CN=IP Security,CN=System, DC=myDomain,DC=contoso,DC=com"
ipsecDataType = "256"
ipsecData = << 25-byte Octet String of IPsec policy data >>
LDAP searchRequest message, as specified in ipsecISAKMPPolicy Object Attribute Details (section 2.2.1.2):
Location: CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com
Filter: (&(objectclass=ipsecISAKMPPolicy)(cn=ipsecISAKMPPolicy{12A63239-DFB6-4f7A-9E84-FEA90E81202A}))
Attributes: ipsecName, ipsecID, distinguishedName, ipsecOwnersReference, ipsecDataType, ipsecData
The data returned is as follows:
ipsecName = ""
ipsecID = "{12A63239-DFB6-4F7A-9E84-FEA90E81202A}"
distinguishedName = "CN=ipsecISAKMPPolicy{12A63239-DFB6-4F7A-9E84-FEA90E81202A},CN=IP Security,CN=System,DC=myDomain, DC=contoso,DC=com"
ipsecOwnersReference = "CN=ipsecPolicy{E514E247-80C3-429A-8D69-74BD54FEB31E},CN=IP Security,CN=System,DC=myDomain, DC=contoso,DC=com"
ipsecDataType = "256"
ipsecData = << 293-byte Octet String of IPsec (ISAKMP) policy data >>
LDAP searchRequest message, as specified in ipsecNFA Object Attribute Details (section 2.2.1.3):
Location: CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com
Filter: (&(objectclass=ipsecNFA)(cn=ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949}))
Attributes: ipsecName, description, ipsecID, distinguishedName, ipsecOwnersReference, ipsecNegotiationPolicyReference, ipsecDataType, ipsecData
The data returned is as follows:
ipsecName = "All Traffic Filters"
description = "Me to Any Filters for traffic protection"
ipsecID = "{116CA92D-D536-4A44-BDCE-17D8363ED949}"
distinguishedName = "ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949},CN=IP Security,CN=System, DC=myDomain,DC=contoso,DC=com"
ipsecOwnersReference = "CN=ipsecPolicy{E514E247-80C3-429A-8D69-74BD54FEB31E},CN=IP Security,CN=System,DC=myDomain, DC=contoso,DC=com"
ipsecFilterReference = "CN=ipsecFilter{2FE2FD79-0389-4D6C-8794-55C4D444DB31},CN=IP Security,CN=System,DC=myDomain, DC=contoso,DC=com"
ipsecNegotiationPolicyReference = "CN=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System, DC=myDomain,DC=contoso,DC=com"
ipsecDataType = "256"
ipsecData = << 172-byte Octet String of IPsec (NFA) policy data >>
LDAP searchRequest message, as specified in ipsecNegotiationPolicy Object Attribute Details (section 2.2.1.4):
Location: CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com
Filter: (&(objectclass=ipsecNegotiationPolicy)(cn=ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000}))
Attributes: ipsecName, description, ipsecID, distinguishedName, ipsecOwnersReference, ipsecNegotiationPolicyAction, ipsecNegotiationPolicyType, ipsecDataType, ipsecData
The data returned is as follows:
ipsecName = ""
description = "Secure the traffic with ESP(3DES)"
ipsecID = "{72385233-70FA-11D1-864C-14A300000000}"
distinguishedName = "ipsecNegotiationPolicy{72385233-70FA-11D1-864C-14A300000000},CN=IP Security,CN=System, DC=myDomain,DC=contoso,DC=com"
ipsecOwnersReference = "CN=ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949},CN=IP Security,CN=System, DC=myDomain,DC=contoso,DC=com"
ipsecNegotiationPolicyAction = "{8A171DD3-77E3-11D1-8659-A04F00000000}"
ipsecNegotiationPolicyType = "{62F49E10-6C37-11D1-864C-14A300000000}"
ipsecDataType = "256"
ipsecData = << 43-byte Octet String of IPsec (Negotiation) policy data >>
LDAP searchRequest message, as specified in ipsecFilter Object Attribute Details (section 2.2.1.5):
Location: CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com
Filter: (&(objectclass=ipsecFilter)(cn=ipsecFilter{2FE2FD79-0389-4D6C-8794-55C4D444DB31}))
Attributes: ipsecName, description, ipsecID, distinguishedName, ipsecOwnersReference, ipsecDataType, ipsecData
The data returned is as follows:
ipsecName = "All Traffic Filter"
description = "Protect all traffic to my servers"
ipsecID = "{2FE2FD79-0389-4D6C-8794-55C4D444DB31}"
distinguishedName = "ipsecFilter{2FE2FD79-0389-4D6C-8794-55C4D444DB31},CN=IP Security,CN=System, DC=myDomain,DC=contoso,DC=com"
ipsecOwnersReference = "CN=ipsecNFA{116CA92D-D536-4A44-BDCE-17D8363ED949},CN=IP Security,CN=System, DC=myDomain,DC=contoso,DC=com"
ipsecDataType = "256"
ipsecData = << 108-byte Octet String of IPsec (Filter) policy data >>
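The five lookups above form a reference graph: the ipsecPolicy object points to its ISAKMP policy and NFA, the NFA points to its filter and negotiation policy, and each target names its referrer in ipsecOwnersReference. The following is an added example, not part of the specification, that checks a retrieved object set for dangling references, mismatched owners, and an ipsecID that disagrees with the object name, tolerating an optional CN= prefix, stray whitespace and case differences. The helper names and the SAMPLE set (built from this section's GUIDs, ipsecData omitted) are constructed, and treating ipsecOwnersReference as one or several values is an assumption.

```python
import re
SUFFIX = ",CN=IP Security,CN=System,DC=myDomain,DC=contoso,DC=com"
FORWARD = ("ipsecISAKMPReference", "ipsecNFAReference",
           "ipsecNegotiationPolicyReference", "ipsecFilterReference")

def rdn_key(dn):
    """Reduce a DN or reference string to its first RDN value, e.g. 'IPSECNFA{GUID}'."""
    first = dn.strip().split(",", 1)[0]
    return re.sub(r"^\s*CN\s*=\s*", "", first, flags=re.I).strip().upper()

def check_policy_graph(objects):
    """Return a list of findings; an empty list means the set is consistent."""
    by_key = {rdn_key(o["distinguishedName"]): o for o in objects}
    findings = []
    for key, obj in by_key.items():
        # The GUID embedded in the object name has to equal ipsecID.
        if not key.endswith(obj["ipsecID"].strip().upper()):
            findings.append(f"{key}: ipsecID does not match object name")
        for attr in FORWARD:
            if attr not in obj:
                continue
            target = by_key.get(rdn_key(obj[attr]))
            if target is None:
                findings.append(f"{key}: {attr} target was not retrieved")
                continue
            # Assumption: the owner attribute may hold one string or a list.
            owners = target.get("ipsecOwnersReference", [])
            owners = [owners] if isinstance(owners, str) else owners
            if key not in {rdn_key(o) for o in owners}:
                findings.append(f"{key}: {attr} target does not name it as owner")
    return findings

def entry(cn, guid, **attrs):  # constructed helper for the sample set
    return {"distinguishedName": f"CN={cn}{guid}{SUFFIX}", "ipsecID": guid, **attrs}

POLICY, ISAKMP = "{E514E247-80C3-429A-8D69-74BD54FEB31E}", "{12A63239-DFB6-4F7A-9E84-FEA90E81202A}"
NFA, NEG = "{116CA92D-D536-4A44-BDCE-17D8363ED949}", "{72385233-70FA-11D1-864C-14A300000000}"
FILT = "{2FE2FD79-0389-4D6C-8794-55C4D444DB31}"
SAMPLE = [
    entry("ipsecPolicy", POLICY, ipsecISAKMPReference="ipsecISAKMPPolicy" + ISAKMP + SUFFIX,
          ipsecNFAReference="ipsecNFA" + NFA + SUFFIX),
    entry("ipsecISAKMPPolicy", ISAKMP, ipsecOwnersReference="CN=ipsecPolicy" + POLICY + SUFFIX),
    entry("ipsecNFA", NFA, ipsecOwnersReference="CN=ipsecPolicy" + POLICY + SUFFIX,
          ipsecFilterReference="CN=ipsecFilter" + FILT + SUFFIX,
          ipsecNegotiationPolicyReference="CN=ipsecNegotiationPolicy" + NEG + SUFFIX),
    entry("ipsecNegotiationPolicy", NEG, ipsecOwnersReference="CN= ipsecNFA" + NFA + SUFFIX),
    entry("ipsecFilter", FILT, ipsecOwnersReference="CN= ipsecNFA" + NFA + SUFFIX),
]
```

An empty result for SAMPLE means every forward reference resolves and is matched by an owner back-reference; a non-empty result on live data is a reason to inspect the directory objects before trusting the assembled policy.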